Report #673

  • Creation Date: Oct. 19, 2019, 2:19 a.m.
  • Last Update: Oct. 19, 2019, 4:05 a.m.
  • File: 020
  • Results:

Binary
  DLL: False
  Size: 2.30MB
  trid:
    26.8% InstallShield setup
    25.8% Win32 EXE PECompact compressed
    19.4% Win32 Executable MS Visual C++
    17.2% Win64 Executable
    4.0% Win32 Dynamic Link Library
  type: PE
  wordsize: 32
  Subsystem: Windows GUI

Hashes
  md5: e9780acb272981a08382e8386c44f9d6
  sha1: c47326c230881e762ce69b789c398307ae866127
  crc32: 0xe4e28cbb
  sha224: f176cf2ef3be2c045d70fed8752d32b908acd37fdd66aa58cb764bf7
  sha256: 09c9eb55d6be8dfbe03170518bc37f9c4732d6aa80b6e4eeb57514699755c81c
  sha384: 4bc2278b6b694180d1f1621c86ab4167850bd8cbdea402926b6d73e5adc61e735a39534c9f6ee4b77e47bcd030e26c70
  sha512: a89962249add8957de742730fa9f96730f12d596f8f8cf817e3004dfa8d45f59a909a4fe8c8a4ec97231051a41029e272ba0948b60f8014c3481e45888469e68
  ssdeep: 49152:IOctnPxgxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+swIOTKq5:J2Pp5jKNOj+7

Community
  Google: True
  HashLib: False

YARA
  Matches: IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, HasDebugData, BASE64_table, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, DebuggerException__SetConsoleCtrl, spreading_share, create_service, antisb_threatExpert, network_dns, cred_local, network_http, win_files_operation, IsPE32, win_hook, disable_dep, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, migrate_apc, IsWindowsGUI, Big_Numbers5, DebuggerHiding__Thread, network_udp_sock, anti_dbg, network_tcp_listen, DebuggerCheck__QueryInfo, url, android_meterpreter, Microsoft_Visual_Cpp_8, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Check_Dlls, System_Tools, create_com_service, powershell, Big_Numbers0
  Suspicious: True

Strings
List

Foremost
  Matches: 0.exe, 308 KB
  Suspicious: True

Heuristics
  IPs
    hasIPs: True
    Allowed: (none)
    Suspicious: 13.2.94.58, 0, Unknown
    hasAllowed: False
    hasSuspicious: True

  URLs
    hasURLs: False
    Allowed: (none)
    Suspicious: (none)
    hasAllowed: False
    hasSuspicious: False

  Files
    hasFiles: True
    Allowed: kernel32.dll, USER32.dll, mscoree.dll, GDI32.dll
    Suspicious: (none)
    hasAllowed: True
    hasSuspicious: False

Binary
  Sizes
    RVA: 16 (Suspicious: False)
    Code Size: 225280 (Suspicious: False)
    Image Address: 4194304 (Suspicious: False)
    Stack: 4096 (Suspicious: False)
    Headers: 4096 (Suspicious: False)
    Suspicious: False

  Symbols
    Number: 0 (Suspicious: True)
    Pointer: 0 (Suspicious: True)
    Directories Number: 16 (Suspicious: False)

  Checksum
    Value: 0
    Suspicious: True

  Sections
    hasSections: True
    Allowed: .text, .rdata, .data, .rsrc, .reloc
    Suspicious: (none)
    hasAllowed: True
    hasSuspicious: False

  Versions
    OS Version: 4 (Suspicious: False)
    Image Version: 4 (Suspicious: True)
    Linker Version: 8.0 (Suspicious: False)
    Subsystem Version: 4.0 (Suspicious: False)
    Suspicious: False

  EntryPoint
    Address: 8316
    Suspicious: False

  Anomalies
    hasAnomalies: True
    Anomalies: The header checksum and the calculated checksum do not match.

  Libraries
    hasLibs: True
    Allowed: kernel32.dll, user32.dll, mscoree.dll, gdi32.dll
    Suspicious: (none)
    hasAllowed: True
    hasSuspicious: False

  Timestamp
    Value: 2007-12-03 09:25:51
    Valid: True
    Past: False
    Future: False

  Compilation
    Packed: False
    Missing: False
    Packers: (none)
    Compiled: True
    Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

  Obfuscation
    XOR: True
    Fuzzing: False

PEDetector
  Matches: None
  Suspicious: False

Disassembly
  hasTricks: True
  Tricks (occurrences per section):
    pushret: .rsrc: 26, .text: 33
    nopsequence: .rsrc: 465
    pushpopmath: .data: 2, .rsrc: 12, .text: 20, .rdata: 6, .reloc: 2
    ss register: .rsrc: 1
    garbagebytes: .rsrc: 10, .text: 12
    hookdetection: .text: 1
    software breakpoint: .data: 1, .rsrc: 1, .text: 6, .reloc: 2
    fakeconditionaljumps: .rsrc: 2, .text: 2
    programcontrolflowchange: .rsrc: 8, .text: 11
    cpuinstructionsresultscomparison: .rsrc: 3, .text: 6

AVclass
  yakes: 1

VirusTotal
  md5: e9780acb272981a08382e8386c44f9d6
  sha1: c47326c230881e762ce69b789c398307ae866127
  sha256: 09c9eb55d6be8dfbe03170518bc37f9c4732d6aa80b6e4eeb57514699755c81c
  scan_id: 09c9eb55d6be8dfbe03170518bc37f9c4732d6aa80b6e4eeb57514699755c81c-1567748899
  resource: e9780acb272981a08382e8386c44f9d6
  scan_date: 2019-09-06 05:48:19
  total: 70
  positives: 37
  verbose_msg: Scan finished, information embedded
  response_code: 1

  SCANS (Engine | Result | Update | Version | Detected)
    AVG | Win32:Malware-gen | 20190906 | 18.4.3895.0 | True
    CMC | - | 20190321 | 1.1.0.977 | False
    MAX | malware (ai score=87) | 20190906 | 2018.9.12.1 | True
    APEX | Malicious | 20190906 | 5.60 | True
    Bkav | - | 20190903 | 1.3.0.10239 | False
    K7GW | - | 20190906 | 11.65.31928 | False
    ALYac | Trojan.GenericKD.40822911 | 20190906 | 1.1.1.5 | True
    Avast | Win32:Malware-gen | 20190906 | 18.4.3895.0 | True
    Avira | - | 20190906 | 8.3.3.8 | False
    Baidu | - | 20190318 | 1.0.0.2 | False
    Cyren | - | 20190906 | 6.2.0.1 | False
    DrWeb | - | 20190906 | 7.0.41.7240 | False
    GData | Trojan.GenericKD.40822911 | 20190906 | A:25.23285B:26.15960 | True
    Panda | - | 20190905 | 4.6.4.2 | False
    VBA32 | Trojan.Yakes | 20190905 | 4.0.0 | True
    VIPRE | - | 20190906 | 77674 | False
    Zoner | - | 20190906 | 1.0.0.1 | False
    ClamAV | - | 20190905 | 0.101.4.0 | False
    Comodo | - | 20190906 | 31432 | False
    F-Prot | - | 20190906 | 4.7.1.166 | False
    Ikarus | - | 20190905 | 0.1.5.2 | False
    McAfee | Artemis!E9780ACB2729 | 20190906 | 6.0.6.653 | True
    Rising | Trojan.Generic@ML.100 (RDML:geQcY205cLeOjaZdWLbROA) | 20190906 | 25.0.0.24 | True
    Sophos | - | 20190906 | 4.98.0 | False
    Yandex | Trojan.Yakes!IReEXXizNNY | 20190822 | 5.5.2.24 | True
    Zillya | Adware.Yakes.Win32.136 | 20190905 | 2.0.0.3894 | True
    Acronis | suspicious | 20190904 | 1.1.1.56 | True
    Alibaba | - | 20190527 | 0.3.0.5 | False
    Arcabit | Trojan.Generic.D26EE87F | 20190906 | 1.0.0.856 | True
    Cylance | Unsafe | 20190906 | 2.3.1.101 | True
    Endgame | - | 20190819 | 3.0.14 | False
    FireEye | Generic.mg.e9780acb272981a0 | 20190906 | 29.7.0.0 | True
    TACHYON | - | 20190906 | 2019-09-06.01 | False
    Tencent | - | 20190906 | 1.0.0.1 | False
    ViRobot | - | 20190905 | 2014.3.20.0 | False
    Webroot | - | 20190906 | 1.0.0.403 | False
    eGambit | Trojan.Generic | 20190906 | v5.0.5 | True
    Ad-Aware | Trojan.GenericKD.40822911 | 20190906 | 3.0.5.370 | True
    AegisLab | Trojan.Win32.Yakes.4!c | 20190906 | 4.2 | True
    Emsisoft | Trojan.GenericKD.40822911 (B) | 20190906 | 2018.12.0.1641 | True
    F-Secure | - | 20190905 | 12.0.86.52 | False
    Fortinet | W32/GenKryptik.CUBY!tr | 20190906 | 5.4.247.0 | True
    Invincea | - | 20190904 | 6.3.6.26157 | False
    Jiangmin | Trojan.Yakes.abzx | 20190906 | 16.0.100 | True
    Kingsoft | - | 20190906 | 2013.8.14.323 | False
    Paloalto | generic.ml | 20190906 | 1.0 | True
    Symantec | ML.Attribute.HighConfidence | 20190906 | 1.10.0.0 | True
    Trapmine | - | 20190826 | 3.1.81.800 | False
    AhnLab-V3 | Malware/Gen.Generic.C2886725 | 20190906 | 3.16.1.25089 | True
    Antiy-AVL | Trojan/Win32.Yakes | 20190906 | 3.0.0.1 | True
    Kaspersky | UDS:DangerousObject.Multi.Generic | 20190906 | 15.0.1.13 | True
    Microsoft | Trojan:Win32/Fuerboos.C!cl | 20190906 | 1.1.16300.1 | True
    Qihoo-360 | - | 20190906 | 1.0.0.1120 | False
    ZoneAlarm | - | 20190906 | 1.0 | False
    Cybereason | malicious.b27298 | 20190616 | 1.2.449 | True
    ESET-NOD32 | a variant of Win32/Kryptik.GNUD | 20190906 | 19974 | True
    TrendMicro | - | 20190906 | 11.0.0.1006 | False
    BitDefender | Trojan.GenericKD.40822911 | 20190906 | 7.2 | True
    CrowdStrike | win/malicious_confidence_60% (W) | 20190702 | 1.0 | True
    K7AntiVirus | - | 20190906 | 11.65.31928 | False
    SentinelOne | DFI - Malicious PE | 20190807 | 1.0.31.22 | True
    Avast-Mobile | - | 20190905 | 190905-02 | False
    Malwarebytes | Trojan.Yakes | 20190906 | 2.1.1.1115 | True
    TotalDefense | - | 20190906 | 37.1.62.1 | False
    CAT-QuickHeal | Trojan.Fuerboos | 20190905 | 14.00 | True
    NANO-Antivirus | Trojan.Win32.Yakes.fkyurj | 20190906 | 1.0.134.24859 | True
    MicroWorld-eScan | Trojan.GenericKD.40822911 | 20190906 | 14.0.297.0 | True
    SUPERAntiSpyware | - | 20190830 | 5.6.0.1032 | False
    McAfee-GW-Edition | Artemis!Trojan | 20190906 | v2017.3010 | True
    TrendMicro-HouseCall | - | 20190906 | 10.0.0.1040 | False
File
  Trace (Timestamp | Operation | PID | Process | Path | Name)
    19/10/2019 - 3:45:43.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
    19/10/2019 - 3:45:43.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
    19/10/2019 - 3:45:43.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
    19/10/2019 - 3:45:43.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
    19/10/2019 - 3:45:43.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
    19/10/2019 - 3:45:43.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\version.DLL
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\WINHTTP.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\webio.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\NETAPI32.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netapi32.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netapi32.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\netutils.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netutils.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netutils.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\srvcli.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\srvcli.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\srvcli.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\wkscli.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wkscli.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wkscli.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\SAMCLI.DLL
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\samcli.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\samcli.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
    19/10/2019 - 3:46:10.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
    19/10/2019 - 3:46:10.622 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
    19/10/2019 - 3:46:10.622 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
    19/10/2019 - 3:46:10.622 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cmd.exe
    19/10/2019 - 3:46:10.622 | Write | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.622 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.622 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.622 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.622 | Write | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.622 | Open | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.622 | Unknown | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
    19/10/2019 - 3:46:10.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
    19/10/2019 - 3:46:10.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
    19/10/2019 - 3:46:10.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.668 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\PROPSYS.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
    19/10/2019 - 3:46:10.668 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
    19/10/2019 - 3:46:10.668 | Unknown | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
    19/10/2019 - 3:46:10.668 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
    19/10/2019 - 3:46:10.668 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\urlmon.dll
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\urlmon.dll
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat:Zone.Identifier
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Read | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Open | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.715 | Unknown | 1480 | C:\malware.exe | C:\1142156.bat
    19/10/2019 - 3:46:10.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cmd.exe
    19/10/2019 - 3:46:10.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cmd.exe
    19/10/2019 - 3:46:10.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cmd.exe
    19/10/2019 - 3:46:10.918 | Open | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
    19/10/2019 - 3:46:10.918 | Read | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf | CMD.EXE-AC113AA8.pf
    19/10/2019 - 3:46:10.918 | Read | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf | CMD.EXE-AC113AA8.pf
    19/10/2019 - 3:46:10.918 | Open | 2432 | C:\Windows\SysWOW64\cmd.exe | \Device\HarddiskVolume2
    19/10/2019 - 3:46:10.918 | Open | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
    19/10/2019 - 3:46:10.918 | Unknown | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
    19/10/2019 - 3:46:10.918 | Unknown | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
    19/10/2019 - 3:46:10.918 | Open | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch
    19/10/2019 - 3:46:10.918 | Unknown | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch
    19/10/2019 - 3:46:10.918 | Unknown | 2432 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
19/10/2019 - 3:46:10.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:10.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
19/10/2019 - 3:46:10.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
19/10/2019 - 3:46:10.934Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:10.934Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
19/10/2019 - 3:46:10.934Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:46:10.934Unknown2432C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:46:10.934Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:46:10.934Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:10.981Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 3:46:10.981Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 3:46:10.981Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.153Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\"C:\Monitor\Malware\1142156.bat"
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:11.153Read2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.153Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor
19/10/2019 - 3:46:11.153Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\attrib.exe
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.309Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\attrib.exe
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:46:11.309Unknown2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:46:11.309Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.309Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.309Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\attrib.exe
19/10/2019 - 3:46:11.309Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\attrib.exe
19/10/2019 - 3:46:11.309Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\attrib.exe
19/10/2019 - 3:46:11.309Open2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\Prefetch\ATTRIB.EXE-73917FEA.pf
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\wow64.dll
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows
19/10/2019 - 3:46:11.356Unknown752C:\Windows\SysWOW64\attrib.exeC:\Windows
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Monitor
19/10/2019 - 3:46:11.356Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\ulib.dll
19/10/2019 - 3:46:11.372Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\ulib.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\pt-BR\attrib.exe.mui
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Monitor
19/10/2019 - 3:46:11.512Unknown752C:\Windows\SysWOW64\attrib.exeC:\Monitor
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.512Unknown752C:\Windows\SysWOW64\attrib.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.512Unknown752C:\Windows\SysWOW64\attrib.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.512Open752C:\Windows\SysWOW64\attrib.exeC:\malware.exe
19/10/2019 - 3:46:11.512Unknown752C:\Windows\SysWOW64\attrib.exeC:\malware.exe
19/10/2019 - 3:46:11.512Unknown752C:\Windows\SysWOW64\attrib.exeC:\malware.exe
19/10/2019 - 3:46:11.512Unknown752C:\Windows\SysWOW64\attrib.exeC:\Windows
19/10/2019 - 3:46:11.512Unknown752C:\Windows\SysWOW64\attrib.exeC:\Monitor
19/10/2019 - 3:46:11.512Unknown752C:\Windows\SysWOW64\attrib.exeC:\Windows\SysWOW64\pt-BR\attrib.exe.muiattrib.exe.mui
19/10/2019 - 3:46:11.559Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.559Read2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.559Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.559Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.559Read2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.559Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:46:11.559Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:11.559Open2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:46:11.559Unknown2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:46:11.559Open2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:46:11.559Unknown2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:46:11.559Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.559Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.559Open2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:46:11.559Unknown2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:46:11.559Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:46:11.559Open2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 3:47:18.918Delete2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\malware.exe
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Read2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Read2432C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Read2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 3:47:18.918Delete2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
19/10/2019 - 3:47:18.918Open2432C:\Windows\SysWOW64\cmd.exeC:\1142156.bat
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Windows
19/10/2019 - 3:47:18.918Unknown2432C:\Windows\SysWOW64\cmd.exeC:\Monitor

Process
Trace
Timestamp | Operation | PID | Process | Target PID | Target Process
19/10/2019 - 3:46:10.872 | Create | 1480 | C:\malware.exe | 2432 | C:\Windows\SysWOW64\cmd.exe
19/10/2019 - 3:46:11.309 | Create | 2432 | C:\Windows\SysWOW64\cmd.exe | 752 | C:\Windows\SysWOW64\attrib.exe
19/10/2019 - 3:46:11.512 | Terminate | 2432 | C:\Windows\SysWOW64\cmd.exe | 752 | C:\Windows\SysWOW64\attrib.exe
19/10/2019 - 3:47:18.918 | Terminate | 1480 | C:\malware.exe | 2432 | C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value
19/10/2019 - 3:46:10.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
19/10/2019 - 3:46:10.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
19/10/2019 - 3:46:10.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
19/10/2019 - 3:46:10.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
19/10/2019 - 3:46:10.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
19/10/2019 - 3:46:10.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
19/10/2019 - 3:46:10.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
19/10/2019 - 3:46:10.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False
Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 98.30%
suspicious: False
Random Forest (100 estimators, NFS-BRMalware)
confidence: 57.00%
suspicious: False