Report #697 check_circle

  • Creation Date: Oct. 19, 2019, 2:23 a.m.
  • Last Update: Oct. 19, 2019, 6:21 a.m.
  • File: 045
  • Results:
Binary
DLL
False cancel
Size
3.47MB
trid
49.7% Windows ActiveX control
17.7% Win32 EXE PECompact compressed
13.3% Win32 Executable MS Visual C++
11.8% Win64 Executable
2.8% Win32 Dynamic Link Library
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
b86c146d20a3181b23818b4c127d8dfd
sha1
41ee31ec03b064dd3e98057394639ac6d78f9f9e
crc32
0x4ef73934
sha224
415e795ebe919a90b01960f0c644bc11adeffa4d7871f678b0c42f9c
sha256
0dfb9f0731f4212113a757d9a0fb59b3e63585be701a18e02b4a7598895ce24c
sha384
31eae866646fd0ba74173b743378f2d0763cceaf9b61b31a5ef5a4daa6040812e8d418add6364aa97acf5090fbe877f9
sha512
519a7005ce6e5261cc40f529eb1f754ea0d125694b9a76741ff56a8074ad86a337addddb0f5c8571fb2308d5a7fd08fac84705531d0ed35a821bf64ca47f4a88
ssdeep
49152:/AVcSlqOOUTd2b4BXMMMMMMGFsgxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZyt:/Az2U+4BXMMMMMMGFg5jKNOj+7
Community
Google
True check_circle
HashLib
False cancel
YARA
Matches
IP, win_private_profile, Dropper_Strings, CRC32b_poly_Constant, Intel_Virtualization_Wizard_exe, HasDebugData, Antivirus, CRC32_poly_Constant, BASE64_table, escalate_priv, HasRichSignature, VC8_Random, RIPEMD160_Constants, DebuggerException__SetConsoleCtrl, spreading_share, create_service, antisb_threatExpert, network_dns, cred_local, network_http, win_files_operation, IsPE32, win_hook, disable_dep, contentis_base64, network_tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, migrate_apc, IsWindowsGUI, Check_Dlls, DebuggerHiding__Thread, network_udp_sock, anti_dbg, HasDigitalSignature, network_tcp_listen, DebuggerCheck__QueryInfo, url, create_com_service, SHA1_Constants, android_meterpreter, win_registry, Typical_Malware_String_Transforms, HasOverlay, Browsers, network_dga, Advapi_Hash_API, Big_Numbers5, System_Tools, Big_Numbers3, powershell, Big_Numbers0

Suspicious
True check_circle

Strings
List
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
https://secure.comodo.net/CPS0C
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/1.0/">
<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
http://www.win-rar.comHhttp://www.win-rar.com/buyredirect.html?L=0&BL=0&src=drp&arch=32&ver=530
qhttp://ns.adobe.com/xap/1.0/
qhttp://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/
=http://ns.adobe.com/xap/1.0/

Foremost
Matches
0.exe, 1 MB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True check_circle
Suspicious: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(, http://ts-ocsp.ws.symantec.com07, http://ocsp.comodoca.com0, http://crl.thawte.com/thawtetimestampingca.crl0, file://, http://crl.comodoca.com/comodorsacertificationauthority.crl0q, http://crl.comodoca.com/comodorsacodesigningca.crl0t, http://ocsp.thawte.com0, http://crt.comodoca.com/comodorsaaddtrustca.crt0$, http://crl.usertrust.com/addtrustexternalcaroot.crl05, http://www.rarlab.com/themes.htm, https://secure.comodo.net/cps0c, http://ocsp.usertrust.com0, http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<, http://crt.comodoca.com/comodorsacodesigningca.crt0$, http://www.win-rar.comhhttp://www.win-rar.com/buyredirect.html?l=0&bl=0&src=drp&arch=32&ver=530
hasAllowed: True check_circle
hasSuspicious: True check_circle

Files
Allowed: rarext64.dll, rarext.dll, riched20.dll, KERNEL32.DLL, cabinet.dll, UnAceV2.Dll, Wkernel32.dll, mscoree.dll, \SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL, riched32.dll, comctl32.dll, shell32.dll, MAPI32.DLL, Crypt32.dll, rarlng.dll, 7zxa.dll, SHLWAPI.dll, OLEAUT32.dll, UxTheme.dll, ole32.dll, USER32.dll, ADVAPI32.dll, GDI32.dll, COMDLG32.dll
hasFiles: True check_circle
Suspicious: %s.tmp, rar.log, rarinfo.log, *.txt, \winrar_theme_description.txt, Rar.txt, winrar_theme_description.txt, rarreg.txt, WhatsNew.txt, hhctrl.ocx, Setup\.cab, Setup\.jar, WinRAR.ZIP, Setup\.zip, Setup\.iso, *.exe *.com *.pif *.scr *.bat *.cmd *.lnk, WinRAR.lnk, zipnew.dat, rarnew.dat, version.dat, Settings.reg, *.reg
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 1081344
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 5
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 5
Linker
Version: 9.0
Suspicious: False cancel
Subsystem
Version: 5.1
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 966571
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: riched20.dll, kernel32.dll, cabinet.dll, mscoree.dll, riched32.dll, comctl32.dll, shell32.dll, mapi32.dll, crypt32.dll, shlwapi.dll, oleaut32.dll, uxtheme.dll, ole32.dll, user32.dll, advapi32.dll, gdi32.dll, comdlg32.dll
hasLibs: True check_circle
Suspicious: rarext64.dll, rarext.dll, unacev2.dll, wkernel32.dll, \software\microsoft\windows\currentversion\app paths\avgse.dll, rarlng.dll, 7zxa.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2015-11-18 07:14:52
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: True check_circle
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 1
.rsrc: 6
.text: 1
.rdata: 2
.reloc: 47

nopsequence
.rsrc: 2

pushpopmath
.data: 1
.rsrc: 12
.text: 6
.rdata: 9
.reloc: 56

garbagebytes
.data: 1
.rsrc: 3
.text: 1
.reloc: 17

hookdetection
.text: 1
.reloc: 6

stealthimport
.text: 4

software breakpoint
.rsrc: 3
.text: 10
.reloc: 11

programcontrolflowchange
.data: 1
.rsrc: 3
.text: 1
.reloc: 17

cpuinstructionsresultscomparison
.data: 1
.rsrc: 30
.rdata: 52
.reloc: 6

AVclass
sality
1
VirusTotal
md5
b86c146d20a3181b23818b4c127d8dfd
sha1
41ee31ec03b064dd3e98057394639ac6d78f9f9e
SCANS
AVG
result: Win32:SaliCode
update: 20190906
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=88)
update: 20190906
version: 2018.9.12.1
detected: True check_circle

APEX
result: Malicious
update: 20190906
version: 5.60
detected: True check_circle

Bkav
result: W32.Sality.PE
update: 20190903
version: 1.3.0.10239
detected: True check_circle

K7GW
result: Virus ( f10001071 )
update: 20190906
version: 11.65.31928
detected: True check_circle

ALYac
result: Win32.Sality.3
update: 20190906
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:SaliCode
update: 20190906
version: 18.4.3895.0
detected: True check_circle

Avira
result: W32/Sality.AT
update: 20190906
version: 8.3.3.8
detected: True check_circle

Baidu
result: Win32.Virus.Sality.gen
update: 20190318
version: 1.0.0.2
detected: True check_circle

Cyren
result: W32/Sality.gen2
update: 20190906
version: 6.2.0.1
detected: True check_circle

DrWeb
result: Win32.Sector.30
update: 20190906
version: 7.0.41.7240
detected: True check_circle

GData
result: Win32.Sality.3
update: 20190906
version: A:25.23285B:26.15960
detected: True check_circle

Panda
result: W32/Sality.AA
update: 20190905
version: 4.6.4.2
detected: True check_circle

VBA32
result: Virus.Win32.Sality.bakb
update: 20190905
version: 4.0.0
detected: True check_circle

VIPRE
result: Virus.Win32.Sality.atbh (v)
update: 20190905
version: 77656
detected: True check_circle

Zoner
result: Trojan.Win32.Sality.22009
update: 20190906
version: 1.0.0.1
detected: True check_circle

ClamAV
update: 20190905
version: 0.101.4.0
detected: False cancel

Comodo
update: 20190906
version: 31432
detected: False cancel

F-Prot
result: W32/Sality.gen2
update: 20190906
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Virus.Win32.Sality
update: 20190905
version: 0.1.5.2
detected: True check_circle

McAfee
result: W32/Sality.gen.z
update: 20190906
version: 6.0.6.653
detected: True check_circle

Rising
result: Virus.Sality!1.A5BD (CLASSIC)
update: 20190906
version: 25.0.0.24
detected: True check_circle

Sophos
result: Mal/Sality-D
update: 20190906
version: 4.98.0
detected: True check_circle

Yandex
result: Win32.Sality.FA.Gen
update: 20190822
version: 5.5.2.24
detected: True check_circle

Zillya
result: Virus.Sality.Win32.25
update: 20190905
version: 2.0.0.3894
detected: True check_circle

Acronis
result: suspicious
update: 20190904
version: 1.1.1.56
detected: True check_circle

Alibaba
result: Virus:Win32/Sality.ddbe4389
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Win32.Sality.3
update: 20190906
version: 1.0.0.856
detected: True check_circle

Cylance
result: Unsafe
update: 20190906
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190819
version: 3.0.14
detected: True check_circle

FireEye
result: Generic.mg.b86c146d20a3181b
update: 20190906
version: 29.7.0.0
detected: True check_circle

TACHYON
result: Virus/W32.Sality.D
update: 20190906
version: 2019-09-06.01
detected: True check_circle

Tencent
result: Virus.Win32.TuTu.Gen.200004
update: 20190906
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Win32.Sality.Gen.A
update: 20190905
version: 2014.3.20.0
detected: True check_circle

Webroot
update: 20190906
version: 1.0.0.403
detected: False cancel

eGambit
result: Trojan.Generic
update: 20190906
version: v5.0.5
detected: True check_circle

Ad-Aware
result: Win32.Sality.3
update: 20190906
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Virus.Win32.Sality.v!c
update: 20190906
version: 4.2
detected: True check_circle

Emsisoft
result: Win32.Sality.3 (B)
update: 20190906
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Malware.W32/Sality.AT
update: 20190905
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W95/SK.8699
update: 20190906
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True check_circle

Jiangmin
result: Win32/HLLP.Kuku.poly2
update: 20190906
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20190906
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20190906
version: 1.0
detected: True check_circle

Symantec
result: W32.Sality.AE
update: 20190906
version: 1.10.0.0
detected: True check_circle

Trapmine
result: malicious.moderate.ml.score
update: 20190826
version: 3.1.81.800
detected: True check_circle

AhnLab-V3
result: Win32/Kashu.E
update: 20190906
version: 3.16.1.25089
detected: True check_circle

Antiy-AVL
result: Virus/Win32.Sality.gen
update: 20190906
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Virus.Win32.Sality.gen
update: 20190906
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20190905
version: 1.0.0.1
detected: False cancel

Microsoft
result: Virus:Win32/Sality.AT
update: 20190906
version: 1.1.16300.1
detected: True check_circle

Qihoo-360
result: Virus.Win32.Sality.I
update: 20190906
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: Virus.Win32.Sality.gen
update: 20190906
version: 1.0
detected: True check_circle

Cybereason
result: malicious.d20a31
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: Win32/Sality.NBA
update: 20190906
version: 19974
detected: True check_circle

TrendMicro
result: PE_SALITY.ER
update: 20190906
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Win32.Sality.3
update: 20190906
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Virus ( f10001071 )
update: 20190906
version: 11.65.31928
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True check_circle

Avast-Mobile
update: 20190905
version: 190905-02
detected: False cancel

Malwarebytes
update: 20190906
version: 2.1.1.1115
detected: False cancel

TotalDefense
result: Win32/Sality.AA
update: 20190905
version: 37.1.62.1
detected: True check_circle

CAT-QuickHeal
result: W32.Sality.U
update: 20190905
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Virus.Win32.Sality.bzkem
update: 20190906
version: 1.0.134.24859
detected: True check_circle

MicroWorld-eScan
result: Win32.Sality.3
update: 20190906
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20190830
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Sality.wh
update: 20190906
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: PE_SALITY.ER
update: 20190906
version: 10.0.0.1040
detected: True check_circle

total
71
sha256
0dfb9f0731f4212113a757d9a0fb59b3e63585be701a18e02b4a7598895ce24c
scan_id
0dfb9f0731f4212113a757d9a0fb59b3e63585be701a18e02b4a7598895ce24c-1567748851
resource
b86c146d20a3181b23818b4c127d8dfd
positives
62
scan_date
2019-09-06 05:47:31
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/10/2019 - 5:45:43.731Open1480C:\malware.exeC:\RICHED20.dll
19/10/2019 - 5:45:43.731Open1480C:\malware.exeC:\Windows\SysWOW64\riched20.dll
19/10/2019 - 5:45:43.731Open1480C:\malware.exeC:\Windows\SysWOW64\riched20.dll
19/10/2019 - 5:45:43.793Unknown1480C:\malware.exeC:\Users\Behemot\NTUSER.DAT
19/10/2019 - 5:45:43.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:43.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:43.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR\version.dat
19/10/2019 - 5:45:43.809Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR\version.dat
19/10/2019 - 5:45:43.809Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR\version.dat
19/10/2019 - 5:45:43.809Open1480C:\malware.exeC:\dwmapi.dll
19/10/2019 - 5:45:43.809Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\sfc.DLL
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\sfc.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\sfc.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\sfc_os.DLL
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\sfc_os.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\sfc_os.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\winsxs\FileMaps\users_behemot_appdata_local_temp_2e8d4dddeb709d8e.cdf-ms
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\DEVRTL.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\devrtl.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Windows\SysWOW64\devrtl.dll
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:45:44.28Delete1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\winkragp.exe
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
19/10/2019 - 5:45:44.28Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR\Settings.reg
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR\Settings.reg
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Settings.reg
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Settings.reg
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Settings.reg
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Settings.reg
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
19/10/2019 - 5:45:44.28Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR\Themes
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\WinRAR\Themes
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Themes
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Themes
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Themes
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Themes
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\malware.exe.Local
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.43Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\UxTheme.dll.Config
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\malware.exe.Local
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.43Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.43Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
19/10/2019 - 5:45:44.43Open1480C:\malware.exeC:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\WindowsCodecs.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\apphelp.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.59Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.59Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.59Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.122Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.184Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.231Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.278Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui
19/10/2019 - 5:45:44.325Read1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\EhStorShell.dll.muiEhStorShell.dll.mui
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\EhStorShell.dll.mui
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\EhStorShell.dll.muiEhStorShell.dll.mui
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.372Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dll
19/10/2019 - 5:45:44.372Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorShell.dllEhStorShell.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.372Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.372Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Read1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Read1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\ntshrui.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\srvcli.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\srvcli.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\cscapi.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 5:45:44.387Open1480C:\malware.exeC:\Windows\SysWOW64\cscapi.dll
19/10/2019 - 5:45:44.403Open1480C:\malware.exeC:\slc.dll
19/10/2019 - 5:45:44.403Open1480C:\malware.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 5:45:44.403Open1480C:\malware.exeC:\Windows\SysWOW64\slc.dll
19/10/2019 - 5:45:44.403Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:44.403Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:44.403Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:44.403Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:44.700Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:44.700Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:44.700Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:44.700Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:44.700Read1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:44.981Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:44.981Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.75Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.75Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.168Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.184Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.184Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.184Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.184Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.184Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.278Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.278Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.278Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.278Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:45.278Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.278Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:45.278Open1480C:\malware.exeC:\Windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:45.278Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:45.465Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:45.465Open1480C:\malware.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:45.465Open1480C:\malware.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 5:45:45.465Read1480C:\malware.exeC:\Users\Public\Desktop\desktop.ini
19/10/2019 - 5:45:45.465Open1480C:\malware.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:45.465Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.465Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:45.606Open1480C:\malware.exeC:\Windows\SysWOW64\drprov.dll
19/10/2019 - 5:45:45.653Open1480C:\malware.exeC:\Windows\SysWOW64\drprov.dll
19/10/2019 - 5:45:45.840Open1480C:\malware.exeC:\Windows\SysWOW64\winsta.dll
19/10/2019 - 5:45:45.840Open1480C:\malware.exeC:\Windows\SysWOW64\winsta.dll
19/10/2019 - 5:45:45.887Open1480C:\malware.exeC:\Windows\SysWOW64\ntlanman.dll
19/10/2019 - 5:45:45.934Open1480C:\malware.exeC:\Windows\SysWOW64\ntlanman.dll
19/10/2019 - 5:45:46.215Open1480C:\malware.exeC:\Windows\SysWOW64\davclnt.dll
19/10/2019 - 5:45:46.262Open1480C:\malware.exeC:\Windows\SysWOW64\davclnt.dll
19/10/2019 - 5:45:46.543Open1480C:\malware.exeC:\Windows\SysWOW64\davhlpr.dll
19/10/2019 - 5:45:46.590Open1480C:\malware.exeC:\Windows\SysWOW64\davhlpr.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\wkscli.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\wkscli.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\wkscli.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\netutils.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\netutils.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\netutils.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.965Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\
19/10/2019 - 5:45:46.965Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:46.965Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.965Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.965Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.200Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.200Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.200Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.200Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.200Read1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.200Read1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.247Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.247Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.247Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.293Open1480C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
19/10/2019 - 5:45:47.309Open1480C:\malware.exeC:\Windows\SysWOW64\winmm.dll
19/10/2019 - 5:45:47.309Open1480C:\malware.exeC:\Windows\SysWOW64\winmm.dll
19/10/2019 - 5:45:47.309Open1480C:\malware.exeC:\malware.exe.Local
19/10/2019 - 5:45:47.309Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:47.309Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:47.309Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/10/2019 - 5:45:47.309Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 5:45:47.309Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
19/10/2019 - 5:45:47.325Open1480C:\malware.exeC:\malware.exe.Local
19/10/2019 - 5:45:47.325Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:47.325Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:47.325Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/10/2019 - 5:45:47.325Open1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dll
19/10/2019 - 5:45:47.325Unknown1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.325Open1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dll
19/10/2019 - 5:45:47.325Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.325Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.372Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.418Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.465Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.512Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.559Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.606Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.653Read1480C:\malware.exeC:\Windows\SysWOW64\PortableDeviceApi.dllPortableDeviceApi.dll
19/10/2019 - 5:45:47.700Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.747Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\
19/10/2019 - 5:45:47.747Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:47.747Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.747Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.747Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.747Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.856Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.856Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.856Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.856Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.856Read1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.856Read1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.965Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.965Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:47.965Open1480C:\malware.exeC:\Windows\SysWOW64\audiodev.dll
19/10/2019 - 5:45:48.12Open1480C:\malware.exeC:\Windows\SysWOW64\WMVCORE.DLL
19/10/2019 - 5:45:48.12Open1480C:\malware.exeC:\Windows\SysWOW64\WMVCORE.DLL
19/10/2019 - 5:45:48.293Open1480C:\malware.exeC:\
19/10/2019 - 5:45:48.481Open1480C:\malware.exeC:\Windows\SysWOW64\WMASF.DLL
19/10/2019 - 5:45:48.481Open1480C:\malware.exeC:\Windows\SysWOW64\WMASF.DLL
19/10/2019 - 5:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dll
19/10/2019 - 5:45:49.231Unknown1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dllEhStorAPI.dll
19/10/2019 - 5:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dll
19/10/2019 - 5:45:49.231Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dllEhStorAPI.dll
19/10/2019 - 5:45:49.247Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dllEhStorAPI.dll
19/10/2019 - 5:45:49.247Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dllEhStorAPI.dll
19/10/2019 - 5:45:49.278Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dllEhStorAPI.dll
19/10/2019 - 5:45:49.309Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dllEhStorAPI.dll
19/10/2019 - 5:45:49.325Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dllEhStorAPI.dll
19/10/2019 - 5:45:49.325Read1480C:\malware.exeC:\Windows\SysWOW64\EhStorAPI.dllEhStorAPI.dll
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:49.372Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.372Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:49.372Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:49.372Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:49.372Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.372Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.387Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.387Read1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.387Read1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.387Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.387Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.387Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
19/10/2019 - 5:45:49.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Network Shortcuts\desktop.ini
19/10/2019 - 5:45:49.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Network Shortcuts
19/10/2019 - 5:45:49.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Network Shortcuts
19/10/2019 - 5:45:49.418Open1480C:\malware.exeC:\Secur32.dll
19/10/2019 - 5:45:49.418Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:45:49.418Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
19/10/2019 - 5:45:49.418Open1480C:\malware.exeC:\samcli.dll
19/10/2019 - 5:45:49.418Open1480C:\malware.exeC:\Windows\SysWOW64\samcli.dll
19/10/2019 - 5:45:49.434Open1480C:\malware.exeC:\Windows\SysWOW64\samcli.dll
19/10/2019 - 5:45:49.434Open1480C:\malware.exeC:\SAMLIB.dll
19/10/2019 - 5:45:49.434Open1480C:\malware.exeC:\Windows\SysWOW64\samlib.dll
19/10/2019 - 5:45:49.434Open1480C:\malware.exeC:\Windows\SysWOW64\samlib.dll
19/10/2019 - 5:45:49.434Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:49.434Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:49.434Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:49.434Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:49.450Unknown1480C:\malware.exeC:\Users\Behemot\Desktop
19/10/2019 - 5:45:49.450Unknown1480C:\malware.exeC:\Users\Public\Desktop
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.450Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\Windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:49.450Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:49.450Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:49.465Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.465Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.465Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.465Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.465Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.481Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.481Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.481Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.481Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.481Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.481Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.497Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.497Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.497Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.497Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.497Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.497Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.497Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.497Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.512Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.512Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.512Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.512Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exe
19/10/2019 - 5:45:49.512Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exe
19/10/2019 - 5:45:49.512Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exe
19/10/2019 - 5:45:49.512Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exe
19/10/2019 - 5:45:49.512Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Windows\SysWOW64\imageres.dll
19/10/2019 - 5:45:49.512Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Windows\System32\pt-BR\imageres.dll.mui
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\windows\SysWOW64\pt\imageres.dll.mui
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.mui
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Windows\SysWOW64\en-US\imageres.dll.muiimageres.dll.mui
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor\WKCDController.exe
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor\WKCDController.exe
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor\WKCDController.exe
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor\WKCDController.exe
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Monitor\zip.exe
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\malware.exe.Local
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
19/10/2019 - 5:45:49.528Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
19/10/2019 - 5:45:49.528Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88\comctl32.dll.mui
19/10/2019 - 5:45:50.372Open1480C:\malware.exeC:\Arquivos de Programas
19/10/2019 - 5:45:50.372Open1480C:\malware.exeC:\Arquivos de Programas
19/10/2019 - 5:45:53.512Open1480C:\malware.exeC:\Documents and Settings
19/10/2019 - 5:45:53.512Open1480C:\malware.exeC:\Documents and Settings
19/10/2019 - 5:45:54.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:45:54.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:45:56.637Open1480C:\malware.exeC:\Monitor
19/10/2019 - 5:45:58.731Open1480C:\malware.exeC:\Monitor\Files
19/10/2019 - 5:46:0.793Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:46:0.793Unknown1480C:\malware.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:46:3.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Open1480C:\malware.exeC:\Windows\winsxs\FileMaps\users_behemot_appdata_local_temp_2e8d4dddeb709d8e.cdf-ms
19/10/2019 - 5:46:3.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:46:3.731Delete1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\jmocj.exe
19/10/2019 - 5:46:3.950Open1480C:\malware.exeC:\Monitor\Files\Logs
19/10/2019 - 5:46:3.950Unknown1480C:\malware.exeC:\Monitor\Files\Logs
19/10/2019 - 5:46:4.981Unknown1480C:\malware.exeC:\Monitor\Files
19/10/2019 - 5:46:8.75Open1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 5:46:8.75Open1480C:\malware.exeC:\Windows\winsxs\FileMaps\monitor_malware_a080fecbfb8656fd.cdf-ms
19/10/2019 - 5:46:8.75Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:46:8.75Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:46:8.75Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:46:8.75Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:46:8.75Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:46:8.75Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 5:46:21.481Open1480C:\malware.exeC:\Monitor\Microsoft Terminal Services\1197f7
19/10/2019 - 5:46:24.809Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:24.809Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:24.809Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:24.809Write1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:24.809Unknown1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:24.809Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:24.809Unknown1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:24.809Unknown1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:24.809Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:46:24.809Write1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:46:24.809Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:46:24.809Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:46:24.809Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:46:24.809Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:46:34.903Open1480C:\malware.exeC:\Monitor\Microsoft Windows Network\11cc65
19/10/2019 - 5:46:35.934Open1480C:\malware.exeC:\browcli.dll
19/10/2019 - 5:46:35.934Open1480C:\malware.exeC:\Windows\SysWOW64\browcli.dll
19/10/2019 - 5:46:35.981Open1480C:\malware.exeC:\Windows\SysWOW64\browcli.dll
19/10/2019 - 5:46:38.606Open1480C:\malware.exeC:\Monitor\WORKGROUP\11dadc
19/10/2019 - 5:46:42.75Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace\W7VM1
19/10/2019 - 5:46:39.637Open1480C:\malware.exe\Device\Mup\W7VM1\11dee3\
19/10/2019 - 5:46:42.637Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace\W7VM1
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Open1480C:\malware.exe\Device\Mup\.\.\
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exe\Device\Mup\.\.\
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Open1480C:\malware.exe\Device\Mup\.\.\
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exe\Device\Mup\.\.\
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Open1480C:\malware.exe\Device\Mup\.\.\
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exe\Device\Mup\.\.\
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Unknown1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace
19/10/2019 - 5:46:43.668Open1480C:\malware.exe\Device\Mup\;Csc\.\.\W7VM1
19/10/2019 - 5:46:43.668Open1480C:\malware.exeC:\Windows\CSC\v2.0.6\namespace\W7VM1
19/10/2019 - 5:46:43.668Open1480C:\malware.exe\Device\Mup\W7VM1\Users\11eea3
19/10/2019 - 5:46:44.840Unknown1480C:\malware.exe\Device\Mup\W7VM1\Users\11eea3
19/10/2019 - 5:46:44.934Open1480C:\malware.exe\Device\Mup\W7VM1\Users\11eea3
19/10/2019 - 5:46:46.28Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 5:46:45.559Delete1480C:\malware.exe\Device\Mup\W7VM1\Users\11eea3
19/10/2019 - 5:46:46.168Unknown1480C:\malware.exe\Device\Mup\W7VM1\Users\11eea3
19/10/2019 - 5:46:46.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:46:46.262Open1480C:\malware.exe\Device\Mup\W7VM1\Users\hpqbau.tmp
19/10/2019 - 5:46:47.12Write1480C:\malware.exe\Device\Mup\W7VM1\Users\hpqbau.tmp
19/10/2019 - 5:46:47.340Write1480C:\malware.exeC:\Users\hpqbau.tmp
19/10/2019 - 5:46:47.340Unknown1480C:\malware.exe\Device\Mup\W7VM1\Users\hpqbau.tmp
19/10/2019 - 5:46:47.434Open1480C:\malware.exe\Device\Mup\W7VM1\Users\hpqbau.tmp
19/10/2019 - 5:46:48.43Unknown1480C:\malware.exe\Device\Mup\W7VM1\Users\hpqbau.tmp
19/10/2019 - 5:46:50.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 5:46:51.825Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:51.825Read1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:46:51.825Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:46:51.825Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:46:52.247Open1480C:\malware.exe\Device\Mup\W7VM1\Users\
19/10/2019 - 5:46:57.12Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users
19/10/2019 - 5:46:57.434Open1480C:\malware.exeC:\ProgramData
19/10/2019 - 5:47:1.575Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Application Data\
19/10/2019 - 5:47:1.762Open1480C:\malware.exeC:\ProgramData\Application Data
19/10/2019 - 5:47:1.762Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Application Data\
19/10/2019 - 5:47:1.950Open1480C:\malware.exeC:\ProgramData\Application Data
19/10/2019 - 5:47:1.950Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Application Data\Application Data.lnk
19/10/2019 - 5:47:2.231Open1480C:\malware.exeC:\ProgramData\Application Data\Application Data.lnk
19/10/2019 - 5:47:2.231Open1480C:\malware.exeC:\ProgramData\Application Data.lnk
19/10/2019 - 5:47:2.231Write1480C:\malware.exeC:\ProgramData\Application Data.lnkApplication Data.lnk
19/10/2019 - 5:47:7.372Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Dados de aplicativos\
19/10/2019 - 5:47:7.559Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
19/10/2019 - 5:47:7.559Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Dados de aplicativos\
19/10/2019 - 5:47:7.747Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
19/10/2019 - 5:47:7.747Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Dados de aplicativos\Dados de aplicativos.lnk
19/10/2019 - 5:47:8.75Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos\Dados de aplicativos.lnk
19/10/2019 - 5:47:8.75Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos.lnk
19/10/2019 - 5:47:8.75Write1480C:\malware.exeC:\ProgramData\Dados de aplicativos.lnkDados de aplicativos.lnk
19/10/2019 - 5:47:13.215Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Desktop\
19/10/2019 - 5:47:13.403Open1480C:\malware.exeC:\ProgramData\Desktop
19/10/2019 - 5:47:13.403Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Desktop\
19/10/2019 - 5:47:13.590Open1480C:\malware.exeC:\ProgramData\Desktop
19/10/2019 - 5:47:13.590Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Desktop\bjcr
19/10/2019 - 5:47:13.872Open1480C:\malware.exeC:\ProgramData\Desktop\bjcr
19/10/2019 - 5:47:13.872Open1480C:\malware.exeC:\Users\Public\Desktop\bjcr
19/10/2019 - 5:47:13.872Write1480C:\malware.exeC:\Users\Public\Desktop\bjcr
19/10/2019 - 5:47:18.872Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:47:18.872Read1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:47:18.872Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:47:18.872Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:47:19.106Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Documentos\
19/10/2019 - 5:47:19.293Open1480C:\malware.exeC:\ProgramData\Documentos
19/10/2019 - 5:47:19.293Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Documentos\
19/10/2019 - 5:47:19.481Open1480C:\malware.exeC:\ProgramData\Documentos
19/10/2019 - 5:47:19.481Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Documentos\All Users.lnk
19/10/2019 - 5:47:19.762Open1480C:\malware.exeC:\ProgramData\Documentos\All Users.lnk
19/10/2019 - 5:47:19.762Open1480C:\malware.exeC:\Users\Public\Documents\All Users.lnk
19/10/2019 - 5:47:19.762Write1480C:\malware.exeC:\Users\Public\Documents\All Users.lnkAll Users.lnk
19/10/2019 - 5:47:24.934Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Documents\
19/10/2019 - 5:47:25.122Open1480C:\malware.exeC:\ProgramData\Documents
19/10/2019 - 5:47:25.122Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Documents\
19/10/2019 - 5:47:25.309Open1480C:\malware.exeC:\ProgramData\Documents
19/10/2019 - 5:47:25.309Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Documents\Documentos.lnk
19/10/2019 - 5:47:25.590Open1480C:\malware.exeC:\ProgramData\Documents\Documentos.lnk
19/10/2019 - 5:47:25.590Open1480C:\malware.exeC:\Users\Public\Documents\Documentos.lnk
19/10/2019 - 5:47:25.590Write1480C:\malware.exeC:\Users\Public\Documents\Documentos.lnkDocumentos.lnk
19/10/2019 - 5:47:30.747Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Favorites\
19/10/2019 - 5:47:30.981Open1480C:\malware.exeC:\ProgramData\Favorites
19/10/2019 - 5:47:30.981Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Favorites\
19/10/2019 - 5:47:31.168Open1480C:\malware.exeC:\ProgramData\Favorites
19/10/2019 - 5:47:31.168Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Favorites\lswq
19/10/2019 - 5:47:31.450Open1480C:\malware.exeC:\ProgramData\Favorites\lswq
19/10/2019 - 5:47:31.450Open1480C:\malware.exeC:\Users\Public\Favorites\lswq
19/10/2019 - 5:47:31.450Write1480C:\malware.exeC:\Users\Public\Favorites\lswq
19/10/2019 - 5:47:36.606Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Favoritos\
19/10/2019 - 5:47:36.793Open1480C:\malware.exeC:\ProgramData\Favoritos
19/10/2019 - 5:47:36.793Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Favoritos\
19/10/2019 - 5:47:36.981Open1480C:\malware.exeC:\ProgramData\Favoritos
19/10/2019 - 5:47:36.981Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Favoritos\ajwljt
19/10/2019 - 5:47:37.262Open1480C:\malware.exeC:\ProgramData\Favoritos\ajwljt
19/10/2019 - 5:47:37.262Open1480C:\malware.exeC:\Users\Public\Favorites\ajwljt
19/10/2019 - 5:47:37.262Write1480C:\malware.exeC:\Users\Public\Favorites\ajwljt
19/10/2019 - 5:47:42.403Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Menu Iniciar\
19/10/2019 - 5:47:42.590Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
19/10/2019 - 5:47:42.590Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Menu Iniciar\
19/10/2019 - 5:47:42.778Open1480C:\malware.exeC:\ProgramData\Menu Iniciar
19/10/2019 - 5:47:42.778Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Menu Iniciar\Menu Iniciar.lnk
19/10/2019 - 5:47:43.59Open1480C:\malware.exeC:\ProgramData\Menu Iniciar\Menu Iniciar.lnk
19/10/2019 - 5:47:43.59Open1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Menu Iniciar.lnk
19/10/2019 - 5:47:43.59Write1480C:\malware.exeC:\ProgramData\Microsoft\Windows\Start Menu\Menu Iniciar.lnkMenu Iniciar.lnk
19/10/2019 - 5:47:45.965Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:47:45.965Read1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:47:45.965Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:47:45.965Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:47:48.309Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\
19/10/2019 - 5:47:48.622Open1480C:\malware.exeC:\ProgramData\Microsoft
19/10/2019 - 5:47:52.793Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\
19/10/2019 - 5:47:53.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
19/10/2019 - 5:47:57.278Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\
19/10/2019 - 5:47:57.590Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
19/10/2019 - 5:48:1.762Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\1.0\
19/10/2019 - 5:48:2.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
19/10/2019 - 5:48:6.231Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\
19/10/2019 - 5:48:6.543Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
19/10/2019 - 5:48:6.543Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Desktop.lnk
19/10/2019 - 5:48:6.856Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Desktop.lnk
19/10/2019 - 5:48:6.934Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Desktop.lnk
19/10/2019 - 5:48:6.934Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\en-US
19/10/2019 - 5:48:12.168Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\1.0\pt-BR\
19/10/2019 - 5:48:12.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
19/10/2019 - 5:48:12.481Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
19/10/2019 - 5:48:12.559Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H.lnk
19/10/2019 - 5:48:12.872Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H.lnk
19/10/2019 - 5:48:12.872Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR\Help_MTOC_help.H1H.lnkHelp_MTOC_help.H1H.lnk
19/10/2019 - 5:48:12.872Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR
19/10/2019 - 5:48:13.75Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:48:13.75Read1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:48:13.75Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:48:13.75Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:48:18.122Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\1.0\pt-BR_en-US\
19/10/2019 - 5:48:18.434Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
19/10/2019 - 5:48:18.434Read1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
19/10/2019 - 5:48:18.512Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Menu Iniciar.lnk
19/10/2019 - 5:48:18.825Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Menu Iniciar.lnk
19/10/2019 - 5:48:18.903Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US\Menu Iniciar.lnkMenu Iniciar.lnk
19/10/2019 - 5:48:18.903Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\pt-BR_en-US
19/10/2019 - 5:48:19.997Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\1.0\Favorites.lnk
19/10/2019 - 5:48:20.309Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\Favorites.lnk
19/10/2019 - 5:48:20.309Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0\Favorites.lnkFavorites.lnk
19/10/2019 - 5:48:20.309Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\1.0
19/10/2019 - 5:48:21.403Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\Client\Menu Iniciar.lnk
19/10/2019 - 5:48:21.715Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\Menu Iniciar.lnk
19/10/2019 - 5:48:21.715Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client\Menu Iniciar.lnkMenu Iniciar.lnk
19/10/2019 - 5:48:21.715Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\Client
19/10/2019 - 5:48:22.809Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Assistance\All Users.lnk
19/10/2019 - 5:48:23.122Open1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\All Users.lnk
19/10/2019 - 5:48:23.122Write1480C:\malware.exeC:\ProgramData\Microsoft\Assistance\All Users.lnkAll Users.lnk
19/10/2019 - 5:48:23.122Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Assistance
19/10/2019 - 5:48:28.372Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\
19/10/2019 - 5:48:28.684Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
19/10/2019 - 5:48:32.825Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\DSS\
19/10/2019 - 5:48:33.137Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
19/10/2019 - 5:48:37.293Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\DSS\MachineKeys\
19/10/2019 - 5:48:37.606Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
19/10/2019 - 5:48:37.606Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\DSS\MachineKeys\pt-BR.lnk
19/10/2019 - 5:48:37.918Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\pt-BR.lnk
19/10/2019 - 5:48:38.75Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\pt-BR.lnk
19/10/2019 - 5:48:38.75Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\MachineKeys
19/10/2019 - 5:48:39.168Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\DSS\Help_MKWD_BestBet.H1W.lnk
19/10/2019 - 5:48:39.481Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\Help_MKWD_BestBet.H1W.lnk
19/10/2019 - 5:48:39.481Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS\Help_MKWD_BestBet.H1W.lnkHelp_MKWD_BestBet.H1W.lnk
19/10/2019 - 5:48:39.481Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\DSS
19/10/2019 - 5:48:40.137Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:48:40.137Read1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:48:40.137Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:48:40.137Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:48:44.715Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\Keys\
19/10/2019 - 5:48:45.28Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
19/10/2019 - 5:48:45.28Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\Keys\Documents.lnk
19/10/2019 - 5:48:45.340Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\Documents.lnk
19/10/2019 - 5:48:45.340Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys\Documents.lnkDocuments.lnk
19/10/2019 - 5:48:45.340Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\Keys
19/10/2019 - 5:48:50.543Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\RSA\
19/10/2019 - 5:48:50.903Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
19/10/2019 - 5:48:55.43Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\
19/10/2019 - 5:48:55.356Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
19/10/2019 - 5:48:55.356Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\Help_MValidator.Lck.lnk
19/10/2019 - 5:48:55.668Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\Help_MValidator.Lck.lnk
19/10/2019 - 5:48:55.668Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\Help_MValidator.Lck.lnkHelp_MValidator.Lck.lnk
19/10/2019 - 5:48:55.668Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
19/10/2019 - 5:49:0.918Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\
19/10/2019 - 5:49:1.231Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
19/10/2019 - 5:49:1.231Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\Help_MKWD_AssetId.H1W.lnk
19/10/2019 - 5:49:1.543Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\Help_MKWD_AssetId.H1W.lnk
19/10/2019 - 5:49:1.700Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\Help_MKWD_AssetId.H1W.lnkHelp_MKWD_AssetId.H1W.lnk
19/10/2019 - 5:49:1.700Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18
19/10/2019 - 5:49:2.793Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18.lnk
19/10/2019 - 5:49:3.106Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18.lnk
19/10/2019 - 5:49:3.106Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18.lnk
19/10/2019 - 5:49:3.106Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA
19/10/2019 - 5:49:4.200Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Crypto\RSA.lnk
19/10/2019 - 5:49:4.512Open1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA.lnk
19/10/2019 - 5:49:4.512Write1480C:\malware.exeC:\ProgramData\Microsoft\Crypto\RSA.lnk
19/10/2019 - 5:49:4.512Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Crypto
19/10/2019 - 5:49:7.215Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:49:7.215Read1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:49:7.215Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:49:7.215Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:49:9.762Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\
19/10/2019 - 5:49:10.75Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage
19/10/2019 - 5:49:14.215Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Device\
19/10/2019 - 5:49:14.528Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
19/10/2019 - 5:49:18.684Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\
19/10/2019 - 5:49:18.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
19/10/2019 - 5:49:18.997Read1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
19/10/2019 - 5:49:19.75Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\Help_MKWD_AssetId.H1W.lnk
19/10/2019 - 5:49:19.387Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\Help_MKWD_AssetId.H1W.lnk
19/10/2019 - 5:49:19.387Write1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\Help_MKWD_AssetId.H1W.lnkHelp_MKWD_AssetId.H1W.lnk
19/10/2019 - 5:49:19.387Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}
19/10/2019 - 5:49:24.622Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\
19/10/2019 - 5:49:24.934Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
19/10/2019 - 5:49:24.934Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\cfftaq
19/10/2019 - 5:49:25.247Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\cfftaq
19/10/2019 - 5:49:25.325Write1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\cfftaq
19/10/2019 - 5:49:25.325Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}
19/10/2019 - 5:49:26.387Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Device\superbar.png.lnk
19/10/2019 - 5:49:26.700Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\superbar.png.lnk
19/10/2019 - 5:49:26.778Write1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device\superbar.png.lnksuperbar.png.lnk
19/10/2019 - 5:49:26.778Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Device
19/10/2019 - 5:49:32.43Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Task\
19/10/2019 - 5:49:32.356Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task
19/10/2019 - 5:49:34.309Open1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:49:34.309Read1480C:\malware.exeC:\autorun.inf
19/10/2019 - 5:49:34.309Open1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:49:34.309Unknown1480C:\malware.exeC:\yohunl.pif
19/10/2019 - 5:49:36.497Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\
19/10/2019 - 5:49:36.809Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}
19/10/2019 - 5:49:40.965Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\
19/10/2019 - 5:49:41.278Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
19/10/2019 - 5:49:41.278Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\mxbc
19/10/2019 - 5:49:41.590Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\mxbc
19/10/2019 - 5:49:41.590Write1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR\mxbc
19/10/2019 - 5:49:41.590Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pt-BR
19/10/2019 - 5:49:42.684Open1480C:\malware.exe\Device\Mup\W7VM1\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c.lnk
19/10/2019 - 5:49:42.997Open1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c.lnk
19/10/2019 - 5:49:42.997Write1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c.lnk3c2e06c7c0bc7a9e74e7e0309e2c0b97_fa25e266-6d0f-4de2-813a-bf4374e0628c.lnk
19/10/2019 - 5:49:42.997Unknown1480C:\malware.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}

Process
Trace

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Name
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Default
19/10/2019 - 5:45:43.731Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ArcName
19/10/2019 - 5:45:43.731Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0FileNames
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ImmExec
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ExclNames
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0StoreNames
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0UseRAR
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0RAR5
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SFXModule
19/10/2019 - 5:45:43.731Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SFX
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SFXIcon
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SFXLogo
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SFXElevate
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0CmtFile
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0CmtDataWide
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0VolumeSize
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0VolSizeMod
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0VolPause
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0OldVolNames
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0RecVolNumber
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Update
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Fresh
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SyncFiles
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Overwrite
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Move
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ArcRecBin
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ArcWipe
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0WipeIfPassword
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Solid
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Test
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0RecEnabled
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0RecSize
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0EraseDest
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0AddArcOnly
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ClearArc
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Lock
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Method
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0DictSizeLZ
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0DictSize
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Background
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0WaitForOther
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0Shutdown
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0PasswordWide
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0EncryptHeaders
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0OpenShared
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ProcessOwners
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SaveStreams
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SaveSymLinks
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SaveHardLinks
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0GenerateArcName
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0VersionControl
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0BLAKE2
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0FileCopies
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0QuickOpen
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0GenerateMask
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0FileTimeMode
19/10/2019 - 5:45:43.731Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0FileDays
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0FileHours
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0FileMinutes
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0FileTimeBefore
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0FileTimeAfter
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ArcTimeOriginal
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ArcTimeLatest
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0mtime
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0ctime
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0atime
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0PathsAbs
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0PathsNone
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0PathsAbsDrive
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0SeparateArc
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0EmailArcTo
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\0PackDetails
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Name
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Default
19/10/2019 - 5:45:43.747Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ArcName
19/10/2019 - 5:45:43.747Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1FileNames
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ImmExec
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ExclNames
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1StoreNames
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1UseRAR
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1RAR5
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SFXModule
19/10/2019 - 5:45:43.747Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SFX
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SFXIcon
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SFXLogo
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SFXElevate
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1CmtFile
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1CmtDataWide
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1VolumeSize
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1VolSizeMod
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1VolPause
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1OldVolNames
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1RecVolNumber
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Update
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Fresh
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SyncFiles
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Overwrite
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Move
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ArcRecBin
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ArcWipe
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1WipeIfPassword
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Solid
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Test
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1RecEnabled
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1RecSize
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1EraseDest
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1AddArcOnly
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ClearArc
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Lock
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Method
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1DictSizeLZ
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1DictSize
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Background
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1WaitForOther
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1Shutdown
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1PasswordWide
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1EncryptHeaders
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1OpenShared
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ProcessOwners
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SaveStreams
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SaveSymLinks
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SaveHardLinks
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1GenerateArcName
19/10/2019 - 5:45:43.747Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1VersionControl
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1BLAKE2
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1FileCopies
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1QuickOpen
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1GenerateMask
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1FileTimeMode
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1FileDays
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1FileHours
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1FileMinutes
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1FileTimeBefore
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1FileTimeAfter
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ArcTimeOriginal
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ArcTimeLatest
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1mtime
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1ctime
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1atime
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1PathsAbs
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1PathsNone
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1PathsAbsDrive
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1SeparateArc
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1EmailArcTo
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\1PackDetails
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Name
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Default
19/10/2019 - 5:45:43.762Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ArcName
19/10/2019 - 5:45:43.762Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2FileNames
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ImmExec
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ExclNames
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2StoreNames
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2UseRAR
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2RAR5
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SFXModule
19/10/2019 - 5:45:43.762Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SFX
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SFXIcon
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SFXLogo
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SFXElevate
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2CmtFile
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2CmtDataWide
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2VolumeSize
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2VolSizeMod
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2VolPause
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2OldVolNames
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2RecVolNumber
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Update
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Fresh
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SyncFiles
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Overwrite
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Move
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ArcRecBin
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ArcWipe
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2WipeIfPassword
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Solid
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Test
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2RecEnabled
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2RecSize
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2EraseDest
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2AddArcOnly
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ClearArc
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Lock
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Method
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2DictSizeLZ
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2DictSize
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Background
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2WaitForOther
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2Shutdown
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2PasswordWide
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2EncryptHeaders
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2OpenShared
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ProcessOwners
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SaveStreams
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SaveSymLinks
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SaveHardLinks
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2GenerateArcName
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2VersionControl
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2BLAKE2
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2FileCopies
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2QuickOpen
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2GenerateMask
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2FileTimeMode
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2FileDays
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2FileHours
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2FileMinutes
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2FileTimeBefore
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2FileTimeAfter
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ArcTimeOriginal
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ArcTimeLatest
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2mtime
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2ctime
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2atime
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2PathsAbs
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2PathsNone
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2PathsAbsDrive
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2SeparateArc
19/10/2019 - 5:45:43.762Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2EmailArcTo
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\2PackDetails
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Name
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Default
19/10/2019 - 5:45:43.778Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ArcName
19/10/2019 - 5:45:43.778Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3FileNames
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ImmExec
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ExclNames
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3StoreNames
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3UseRAR
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3RAR5
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SFXModule
19/10/2019 - 5:45:43.778Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SFX
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SFXIcon
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SFXLogo
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SFXElevate
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3CmtFile
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3CmtDataWide
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3VolumeSize
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3VolSizeMod
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3VolPause
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3OldVolNames
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3RecVolNumber
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Update
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Fresh
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SyncFiles
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Overwrite
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Move
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ArcRecBin
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ArcWipe
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3WipeIfPassword
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Solid
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Test
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3RecEnabled
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3RecSize
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3EraseDest
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3AddArcOnly
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ClearArc
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Lock
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Method
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3DictSizeLZ
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3DictSize
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Background
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3WaitForOther
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3Shutdown
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3PasswordWide
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3EncryptHeaders
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3OpenShared
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ProcessOwners
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SaveStreams
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SaveSymLinks
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SaveHardLinks
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3GenerateArcName
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3VersionControl
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3BLAKE2
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3FileCopies
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3QuickOpen
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3GenerateMask
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3FileTimeMode
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3FileDays
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3FileHours
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3FileMinutes
19/10/2019 - 5:45:43.778Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3FileTimeBefore
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3FileTimeAfter
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ArcTimeOriginal
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ArcTimeLatest
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3mtime
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3ctime
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3atime
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3PathsAbs
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3PathsNone
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3PathsAbsDrive
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3SeparateArc
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3EmailArcTo
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\3PackDetails
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Name
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Default
19/10/2019 - 5:45:43.793Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ArcName
19/10/2019 - 5:45:43.793Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4FileNames
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ImmExec
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ExclNames
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4StoreNames
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4UseRAR
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4RAR5
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SFXModule
19/10/2019 - 5:45:43.793Delete1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SFX
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SFXIcon
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SFXLogo
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SFXElevate
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4CmtFile
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4CmtDataWide
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4VolumeSize
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4VolSizeMod
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4VolPause
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4OldVolNames
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4RecVolNumber
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Update
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Fresh
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SyncFiles
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Overwrite
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Move
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ArcRecBin
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ArcWipe
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4WipeIfPassword
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Solid
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Test
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4RecEnabled
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4RecSize
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4EraseDest
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4AddArcOnly
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ClearArc
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Lock
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Method
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Background
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4WaitForOther
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4Shutdown
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4PasswordWide
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4EncryptHeaders
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4OpenShared
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ProcessOwners
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SaveStreams
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SaveSymLinks
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SaveHardLinks
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4GenerateArcName
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4VersionControl
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4BLAKE2
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4FileCopies
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4QuickOpen
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4GenerateMask
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4FileTimeMode
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4FileDays
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4FileHours
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4FileMinutes
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4FileTimeBefore
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4FileTimeAfter
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ArcTimeOriginal
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ArcTimeLatest
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4mtime
19/10/2019 - 5:45:43.793Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4ctime
19/10/2019 - 5:45:43.809Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4atime
19/10/2019 - 5:45:43.809Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4PathsAbs
19/10/2019 - 5:45:43.809Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4PathsNone
19/10/2019 - 5:45:43.809Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4PathsAbsDrive
19/10/2019 - 5:45:43.809Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4SeparateArc
19/10/2019 - 5:45:43.809Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4EmailArcTo
19/10/2019 - 5:45:43.809Write1480C:\malware.exeHKCU\Software\WinRAR\Profiles\4PackDetails
19/10/2019 - 5:45:43.809Write1480C:\malware.exeHKCU\Software\WinRAR\GeneralVerInfo
19/10/2019 - 5:45:44.43Write1480C:\malware.exeHKCU\Software\WinRAR\Interface\ThemesShellExtBMP
19/10/2019 - 5:45:44.43Write1480C:\malware.exeHKCU\Software\WinRAR\Interface\ThemesShellExtIcon
19/10/2019 - 5:45:49.434Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
19/10/2019 - 5:46:4.793Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:46:4.793Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:46:4.793Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:46:4.793Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:46:4.793Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:46:4.793Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:46:4.793Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify
19/10/2019 - 5:46:31.825Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:46:31.825Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:46:31.825Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:46:31.825Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:46:31.825Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:46:31.825Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:46:31.825Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify
19/10/2019 - 5:46:58.856Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:46:58.856Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:46:58.856Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:46:58.856Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:46:58.856Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:46:58.856Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:46:58.856Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify
19/10/2019 - 5:47:25.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:47:25.918Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:47:25.918Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:47:25.918Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:47:25.918Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:47:25.918Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:47:25.918Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify
19/10/2019 - 5:47:44.75Delete1480C:\malware.exe\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBootAlternateShell
19/10/2019 - 5:47:53.28Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:47:53.28Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:47:53.28Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:47:53.28Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:47:53.28Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:47:53.28Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:47:53.28Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify
19/10/2019 - 5:48:20.106Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:48:20.106Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:48:20.106Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:48:20.106Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:48:20.106Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:48:20.106Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:48:20.106Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify
19/10/2019 - 5:48:47.184Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:48:47.184Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:48:47.184Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:48:47.184Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:48:47.184Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:48:47.184Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:48:47.184Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify
19/10/2019 - 5:49:14.262Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:49:14.262Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:49:14.262Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:49:14.262Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:49:14.262Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:49:14.262Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:49:14.262Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify
19/10/2019 - 5:49:41.356Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHidden
19/10/2019 - 5:49:41.356Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusOverride
19/10/2019 - 5:49:41.356Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterAntiVirusDisableNotify
19/10/2019 - 5:49:41.356Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallDisableNotify
19/10/2019 - 5:49:41.356Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterFirewallOverride
19/10/2019 - 5:49:41.356Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUpdatesDisableNotify
19/10/2019 - 5:49:41.356Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security CenterUacDisableNotify

File Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Process Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: True check_circle

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel
Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 99.40%
suspicious: False cancel
Random Forest (100 estimators, NFS-BRMalware)
confidence: 75.00%
suspicious: False cancel
Add to Collection
Download