Report #7088

  • Creation Date: Feb. 20, 2020, 4:38 p.m.
  • Last Update: Feb. 20, 2020, 10:44 p.m.
  • File: upnpcont.exe
  • Results:
Binary
  • DLL: False
  • Size: 18.50KB
  • trid: 38.4% Win32 Dynamic Link Library; 26.3% Win32 Executable; 11.8% OS/2 Executable; 11.6% Generic Win/DOS Executable; 11.6% DOS Executable Generic
  • type: PE
  • wordsize: 32
  • Subsystem: Windows GUI
Hashes
  • md5: a9bfaed14ab3c0672688ac9661141de0
  • sha1: eb71cef5efb2433559b0902ed528122ea531407f
  • crc32: 0x56ea5f4
  • sha224: 29b0f1c94d59fb73521e4542e99511462177206ce1f7745f1e035290
  • sha256: 1a67e75fa763a08112cbe427cd7d633dc75bb5ddac05d541ddb976ffce988607
  • sha384: 85d1ee800896b5540c5360b9df1c86006b50e60f4a145773a17c583bba47d37110557255d1d683cb4ae46f2b306b068b
  • sha512: c40c93bf362da1b5b55051c933da57286666030c853f782402f564f37673901947074d855914fd2ca38cf9a98e2823ed501e7dccdaa048ed2078697fa81ce32e
  • ssdeep: 384:pVQ4UqFYLsFIYo2xFAcrWYMWG3U+0liAkFZ692N:jtYwIYo2xVf03Uvl0Z42N
Community
  • Google: False
  • HashLib: False
YARA
  • Matches: maldoc_getEIP_method_1, domain, HasRichSignature, contentis_base64, win_registry, HasDebugData, win_files_operation, IsPE32, IsWindowsGUI
  • Suspicious: True

Strings
List
upnpcont.pdb
upnpcont.dll
upnpcont.dll
'upnpcont.exe'
1 TYPELIB "upnphost.tlb"
ForceRemove {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} = s 'UPnPContainer'
NoRemove AppID
NoRemove CLSID
bstrContainerIdW
IUPnPEventSourced
IUPnPReregistrar,
rReregisterDevice,
|pUnregisterDevice
-= XOR 2009 Valhalla =- Assembled 1997 .. Activated 07.2002 - devoted for peace and harmony in universe against war, racism, terrorism and cruel brutality .. remember .. life is the most important thing - not money .. it's time for a revolution NOW ....
ExitProcess
IUPnPEventSinkWW
RegisterDeviceProviderWW
bstrDeviceIdentifier
IUPnPRegistrarWW
CreateEventW
RegServer
UnregServer
mRegisterRunningDeviceWWW
UPnPRegistrarWWW
RegisterDeviceWW
REGISTRY
TerminateProcess
OpenProcess
UPnPHostLibW
CoCreateInstance
GetModuleHandleA
RegDeleteKeyW
QueryPerformanceCounter
GetModuleFileNameW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
Microsoft Corporation. All rights reserved.
_wcmdln
GetTickCount
OnStateChangedSafeWW
OnStateChangedWW
{4F0AC159-5804-4aa7-AE91-117D6E67BB9B} = s 'upnpcont'
UPnP 1.0 Type LibraryW
!9ReregisterRunningDeviceW
MSFT
val AppID = s '{6d8ff8e0-730d-11d4-bf42-00b0d0118b56}'
8_tIUPnPDeviceProviderW
zLUnregisterDeviceProvider,
LocalServer32 = s '%MODULE%'
CIUPnPRemoteEndpointInfoWX
UPnPRemoteEndpointInfoWW
pbstrDeviceIdentifierWWW
IUPnPDeviceControlWW
__p__commode
_purecall
_except_handler3
_initterm
__p__fmode
|GetTickCount
|GlobalLock
|GlobalAlloc
|GlobalFree
|FindClose
|FindNextFileA
|SetFileAttributesA
|GetFileAttributesA
_endthreadex
stdole2.tlbWWW
__setusermatherr
|hvarsadispidChangesWWd
UPnP Device Host Container
_beginthreadex
|FindFirstFileA
_controlfp
~GetServiceObject
__set_app_type
|GetSystemDirectoryA
__wgetmainargs
_XcptFilter
_adjust_fdiv
NTDLL.DLL
5.1.2600.5512
ATL.DLL
ATL.DLL
Microsoft
Microsoft Corporation
a9pdwValueX
|_lwrite
|_lclose
|_llseek
CompanyName
tpguidValueWW
TEXTINCLUDE
sfPermanentWW
_c_exit
|_lread
|_lopen
bstrProviderName

Foremost
  • Matches: 0.exe, 18 KB
  • Suspicious: True
Heuristics
IPs
  • hasIPs: False
  • Allowed:
  • Suspicious:
  • hasAllowed: False
  • hasSuspicious: False

URLs
  • hasURLs: False
  • Allowed:
  • Suspicious:
  • hasAllowed: False
  • hasSuspicious: False

Files
  • Allowed: upnpcont.dll, ole32.dll, OLEAUT32.dll, KERNEL32.dll, msvcrt.dll, NTDLL.DLL, ADVAPI32.dll, USER32.dll, ATL.DLL
  • hasFiles: True
  • Suspicious:
  • hasAllowed: True
  • hasSuspicious: False

Binary Sizes
  • RVA: 16 (Suspicious: False)
  • Code Size: 8192 (Suspicious: False)
  • Image Address: 16777216 (Suspicious: False)
  • Stack: 4096 (Suspicious: False)
  • Headers: 1024 (Suspicious: False)
  • Suspicious: False

Symbols
  • Number: 0 (Suspicious: True)
  • Pointer: 0 (Suspicious: True)
  • Directories Number: 16 (Suspicious: False)

Checksum
  • Value: 50125
  • Suspicious: False

Sections
  • Allowed: .text, .data, .rsrc, xor
  • Suspicious:
  • hasAllowed: True
  • hasSections: True
  • hasSuspicious: False

Versions
  • OS Version: 5 (Suspicious: False)
  • Image Version: 5 (Suspicious: False)
  • Linker Version: 7.10 (Suspicious: False)
  • Subsystem Version: 4.0 (Suspicious: False)
  • Suspicious: False

EntryPoint
  • Address: 24576
  • Suspicious: False

Anomalies
  • Anomalies: The header checksum and the calculated checksum do not match.
  • hasAnomalies: True

Libraries
  • Allowed: ole32.dll, oleaut32.dll, kernel32.dll, msvcrt.dll, ntdll.dll, advapi32.dll, user32.dll, atl.dll
  • hasLibs: True
  • Suspicious: upnpcont.dll
  • hasAllowed: True
  • hasSuspicious: True

Timestamp
  • Past: False
  • Valid: True
  • Value: 2008-04-13 16:00:26
  • Future: False

Compilation
  • Packed: False
  • Missing: True
  • Packers:
  • Compiled: False
  • Compilers:

Obfuscation
  • XOR: False
  • Fuzzing: False

PEDetector
  • Matches: None
  • Suspicious: False

Disassembly
  • hasTricks: False
  • Tricks:

AVclass
  • xorala: 1
VirusTotal
  • md5: a9bfaed14ab3c0672688ac9661141de0
  • sha1: eb71cef5efb2433559b0902ed528122ea531407f
SCANS (DETECTION RATE = 86.15%)
AVG
result: Win32:Valla
update: 20180216
version: 18.1.3800.0
detected: True

CMC
result: Virus.Win32!O
update: 20180216
version: 1.1.0.977
detected: True

MAX
result: malware (ai score=84)
update: 20180216
version: 2017.11.15.1
detected: True

Bkav
result: W32.Valla
update: 20180212
version: 1.3.0.9466
detected: True

K7GW
result: Virus ( 0008d6e31 )
update: 20180216
version: 10.40.26234
detected: True

ALYac
result: Win32.Valhalla.2048
update: 20180216
version: 1.1.1.5
detected: True

Avast
result: Win32:Valla
update: 20180216
version: 18.1.3800.0
detected: True

Avira
result: W32/Xorala.b
update: 20180216
version: 8.3.3.6
detected: True

Baidu
result: Win32.Virus.Xorala.a
update: 20180208
version: 1.0.0.2
detected: True

Cyren
result: W32/Harmony.A
update: 20180216
version: 5.4.30.7
detected: True

DrWeb
result: Win32.Valhala.2048
update: 20180216
version: 7.0.28.2020
detected: True

GData
result: Win32.Virus.Xorala.A
update: 20180216
version: A:25.16051B:25.11598
detected: True

Panda
result: W32/Valla.2048
update: 20180216
version: 4.6.4.2
detected: True

VBA32
result: Win32.Xoralda.2048
update: 20180216
version: 3.12.28.0
detected: True

Zoner
result: Win32.Xorala.A
update: 20180216
version: 1.0
detected: True

AVware
result: Virus.Win32.Valla.a (v)
update: 20180216
version: 1.5.0.42
detected: True

ClamAV
result: Win.Trojan.Xorala-1
update: 20180216
version: 0.99.2.0
detected: True

Comodo
result: Virus.Win32.Xorala.b0
update: 20180216
version: 28535
detected: True

F-Prot
result: W32/Harmony.A
update: 20180216
version: 4.7.1.166
detected: True

McAfee
result: W32/Valla.a
update: 20180216
version: 6.0.6.653
detected: True

Rising
result: Win32.Xorala.a (CLASSIC)
update: 20180216
version: 25.0.0.1
detected: True

Sophos
result: W32/Rox-A
update: 20180216
version: 4.98.0
detected: True

Yandex
result: Win32.Xorala
update: 20180216
version: 5.5.1.3
detected: True

Zillya
update: 20180216
version: 2.0.0.3493
detected: False

Arcabit
result: Win32.Valhalla.2048
update: 20180216
version: 1.0.0.830
detected: True

Cylance
result: Unsafe
update: 20180216
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180216
version: 1.2.1
detected: True

Tencent
result: Virus.Win32.Valla.a
update: 20180216
version: 1.0.0.1
detected: True

ViRobot
result: Win32.Valla.2048
update: 20180216
version: 2014.3.20.0
detected: True

Webroot
update: 20180216
version: 1.0.0.207
detected: False

eGambit
update: 20180216
version: v4.3.4
detected: False

Ad-Aware
result: Win32.Valhalla.2048
update: 20180216
version: 3.0.3.1010
detected: True

AegisLab
result: W32.Parite.mC1j
update: 20180216
version: 4.2
detected: True

Emsisoft
update: 20180216
version: 4.0.2.899
detected: False

F-Secure
update: 20180216
version: 11.0.19100.45
detected: False

Fortinet
result: W32/Valla.2048
update: 20180216
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
result: Hacktool/VB.ASPX.a
update: 20180216
version: 16.0.100
detected: True

Kingsoft
result: Win32.Xorala.2048
update: 20180216
version: 2013.8.14.323
detected: True

Paloalto
result: generic.ml
update: 20180216
version: 1.0
detected: True

Symantec
result: W32.Valla.2048
update: 20180216
version: 1.5.0.0
detected: True

nProtect
result: Virus/W32.Valla
update: 20180216
version: 2018-02-16.02
detected: True

AhnLab-V3
result: Win32/Valla.2048
update: 20180216
version: 3.11.3.19504
detected: True

Antiy-AVL
result: Virus/Win32.Xorala.b
update: 20180216
version: 3.0.0.1
detected: True

Kaspersky
result: Virus.Win32.Xorala
update: 20180216
version: 15.0.1.13
detected: True

Microsoft
result: Virus:Win32/Valla.2048
update: 20180216
version: 1.1.14500.5
detected: True

Qihoo-360
update: 20180216
version: 1.0.0.1120
detected: False

TheHacker
result: W32/Valla.a
update: 20180216
version: 6.8.0.5.2415
detected: True

ZoneAlarm
result: Virus.Win32.Xorala
update: 20180216
version: 1.0
detected: True

Cybereason
result: malicious.14ab3c
update: 20180205
version: 1.2.27
detected: True

ESET-NOD32
result: Win32/Xorala.A
update: 20180216
version: 16915
detected: True

TrendMicro
result: PE_VALLA.A
update: 20180216
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180205
detected: False

BitDefender
result: Win32.Valhalla.2048
update: 20180216
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_100% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Virus ( 0008d6e31 )
update: 20180216
version: 10.40.26238
detected: True

SentinelOne
result: static engine - malicious
update: 20180115
version: 1.0.12.202
detected: True

Avast-Mobile
update: 20180216
version: 180216-04
detected: False

TotalDefense
result: Win32/Valla.2048
update: 20180216
version: 37.1.62.1
detected: True

CAT-QuickHeal
result: W32.Xorala
update: 20180216
version: 14.00
detected: True

NANO-Antivirus
result: Virus.Win32.Xorala.cbehdj
update: 20180216
version: 1.0.100.21498
detected: True

MicroWorld-eScan
result: Win32.Valhalla.2048
update: 20180216
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180216
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Valla.lm
update: 20180216
version: v2015
detected: True

TrendMicro-HouseCall
result: PE_VALLA.A
update: 20180216
version: 9.950.0.1006
detected: True

  • total: 65
  • sha256: 1a67e75fa763a08112cbe427cd7d633dc75bb5ddac05d541ddb976ffce988607
  • scan_id: 1a67e75fa763a08112cbe427cd7d633dc75bb5ddac05d541ddb976ffce988607-1518802769
  • resource: a9bfaed14ab3c0672688ac9661141de0
  • positives: 56
  • scan_date: 2018-02-16 17:39:29
  • verbose_msg: Scan finished, information embedded
  • response_code: 1
File
Trace (timestamp | operation | PID | process | path | name)
20/2/2020 - 21:45:42.606 | Read | 1480 | C:\malware.exe | C:\Windows\PolicyDefinitions
20/2/2020 - 21:45:42.653 | Read | 1480 | C:\malware.exe | C:\Windows\PolicyDefinitions
20/2/2020 - 21:45:42.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\PolicyDefinitions
20/2/2020 - 21:45:42.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\PolicyDefinitions
20/2/2020 - 21:45:42.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\regedit.exe
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\regedit.exe
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\regedit.exe
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\regedit.exe
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\Registration
20/2/2020 - 21:45:42.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\Registration
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\SchCache
20/2/2020 - 21:45:42.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SchCache
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\schemas
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\schemas\TSWorkSpace
20/2/2020 - 21:45:42.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\schemas\TSWorkSpace
20/2/2020 - 21:45:42.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\schemas
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\Setup
20/2/2020 - 21:45:42.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\Setup
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\ShellNew
20/2/2020 - 21:45:42.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\ShellNew
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\Temp
20/2/2020 - 21:45:42.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\Temp
20/2/2020 - 21:45:42.747 | Open | 1480 | C:\malware.exe | C:\Windows\twunk_32.exe
20/2/2020 - 21:45:42.793 | Open | 1480 | C:\malware.exe | C:\Windows\twunk_32.exe
20/2/2020 - 21:45:42.793 | Open | 1480 | C:\malware.exe | C:\Windows\twunk_32.exe
20/2/2020 - 21:45:42.793 | Open | 1480 | C:\malware.exe | C:\Windows\twunk_32.exe
20/2/2020 - 21:45:42.793 | Open | 1480 | C:\malware.exe | C:\Windows\Web
20/2/2020 - 21:45:42.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\Web
20/2/2020 - 21:45:42.793 | Unknown | 1480 | C:\malware.exe | C:\Windows
20/2/2020 - 21:45:42.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64
20/2/2020 - 21:45:42.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ar-SA
20/2/2020 - 21:45:42.793 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ar-SA
20/2/2020 - 21:45:42.840 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ar-SA
20/2/2020 - 21:45:42.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\at.exe
20/2/2020 - 21:45:42.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\at.exe
20/2/2020 - 21:45:42.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\at.exe
20/2/2020 - 21:45:42.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\at.exe
20/2/2020 - 21:45:42.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bitsadmin.exe
20/2/2020 - 21:45:42.934 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bitsadmin.exe | bitsadmin.exe
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bitsadmin.exe
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bitsadmin.exe
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bitsadmin.exe
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cacls.exe
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cacls.exe
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cacls.exe
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cacls.exe
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\System32\catroot
20/2/2020 - 21:45:42.934 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\catroot
20/2/2020 - 21:45:42.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\certreq.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\certreq.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\certreq.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\certreq.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\colorcpl.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\colorcpl.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\colorcpl.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\colorcpl.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\control.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\control.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\control.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\control.exe
20/2/2020 - 21:45:42.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cs-CZ
20/2/2020 - 21:45:42.981 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cs-CZ
20/2/2020 - 21:45:43.28 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cs-CZ
20/2/2020 - 21:45:43.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscript.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscript.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscript.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscript.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cttune.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cttune.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cttune.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cttune.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dcomcnfg.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dcomcnfg.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dcomcnfg.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dcomcnfg.exe
20/2/2020 - 21:45:43.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\de-DE
20/2/2020 - 21:45:43.75 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\de-DE
20/2/2020 - 21:45:43.122 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\de-DE
20/2/2020 - 21:45:43.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe
20/2/2020 - 21:45:43.168 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe | DevicePairingWizard.exe
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dialer.exe
20/2/2020 - 21:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dialer.exe
20/2/2020 - 21:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dialer.exe
20/2/2020 - 21:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dialer.exe
20/2/2020 - 21:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\diskperf.exe
20/2/2020 - 21:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\diskperf.exe
20/2/2020 - 21:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\diskperf.exe
20/2/2020 - 21:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\diskperf.exe
20/2/2020 - 21:45:43.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\doskey.exe
20/2/2020 - 21:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\doskey.exe
20/2/2020 - 21:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\doskey.exe
20/2/2020 - 21:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\doskey.exe
20/2/2020 - 21:45:43.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dpnsvr.exe
20/2/2020 - 21:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dpnsvr.exe
20/2/2020 - 21:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dpnsvr.exe
20/2/2020 - 21:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dpnsvr.exe
20/2/2020 - 21:45:43.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dvdupgrd.exe
20/2/2020 - 21:45:43.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dvdupgrd.exe
20/2/2020 - 21:45:43.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dvdupgrd.exe
20/2/2020 - 21:45:43.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dvdupgrd.exe
20/2/2020 - 21:45:43.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxdiag.exe
20/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxdiag.exe
20/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxdiag.exe
20/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxdiag.exe
20/2/2020 - 21:45:43.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\efsui.exe
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\efsui.exe
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\efsui.exe
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\efsui.exe
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorAuthn.exe
20/2/2020 - 21:45:43.497 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorAuthn.exe | EhStorAuthn.exe
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorAuthn.exe
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorAuthn.exe
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\EhStorAuthn.exe
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\el-GR
20/2/2020 - 21:45:43.497 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\el-GR
20/2/2020 - 21:45:43.497 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\el-GR
20/2/2020 - 21:45:43.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\es-ES
20/2/2020 - 21:45:43.497 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\es-ES
20/2/2020 - 21:45:43.543 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\es-ES
20/2/2020 - 21:45:43.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\eventvwr.exe
20/2/2020 - 21:45:43.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\eventvwr.exe
20/2/2020 - 21:45:43.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\eventvwr.exe
20/2/2020 - 21:45:43.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\eventvwr.exe
20/2/2020 - 21:45:43.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpresult.exe
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpresult.exe
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpresult.exe
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpresult.exe
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\GroupPolicy
20/2/2020 - 21:45:43.637 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\GroupPolicy
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\grpconv.exe
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\grpconv.exe
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\grpconv.exe
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\grpconv.exe
20/2/2020 - 21:45:43.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iexpress.exe
20/2/2020 - 21:45:43.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iexpress.exe
20/2/2020 - 21:45:43.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iexpress.exe
20/2/2020 - 21:45:43.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iexpress.exe
20/2/2020 - 21:45:43.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ipconfig.exe
20/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ipconfig.exe
20/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ipconfig.exe
20/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ipconfig.exe
20/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iscsicli.exe
20/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iscsicli.exe
20/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iscsicli.exe
20/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iscsicli.exe
20/2/2020 - 21:45:43.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iscsicpl.exe
20/2/2020 - 21:45:43.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iscsicpl.exe
20/2/2020 - 21:45:43.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iscsicpl.exe
20/2/2020 - 21:45:43.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\iscsicpl.exe
20/2/2020 - 21:45:43.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\label.exe
20/2/2020 - 21:45:43.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\label.exe
20/2/2020 - 21:45:43.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\label.exe
20/2/2020 - 21:45:43.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\label.exe
20/2/2020 - 21:45:43.825 | Open | 1480 | C:\malware.exe | C:\Windows\System32\LogFiles
20/2/2020 - 21:45:43.825 | Open | 1480 | C:\malware.exe | C:\Windows\System32\LogFiles\Firewall
20/2/2020 - 21:45:43.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\LogFiles\Firewall
20/2/2020 - 21:45:43.872 | Open | 1480 | C:\malware.exe | C:\Windows\System32\LogFiles\WMI
20/2/2020 - 21:45:43.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\LogFiles\WMI
20/2/2020 - 21:45:43.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\System32\LogFiles
20/2/2020 - 21:45:43.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\lt-LT
20/2/2020 - 21:45:43.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\lt-LT
20/2/2020 - 21:45:43.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\manifeststore
20/2/2020 - 21:45:43.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\manifeststore
20/2/2020 - 21:45:43.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mfpmp.exe
20/2/2020 - 21:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mfpmp.exe
20/2/2020 - 21:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mfpmp.exe
20/2/2020 - 21:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mfpmp.exe
20/2/2020 - 21:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msfeedssync.exe
20/2/2020 - 21:45:43.918 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msfeedssync.exe | msfeedssync.exe
20/2/2020 - 21:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msfeedssync.exe
20/2/2020 - 21:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msfeedssync.exe
20/2/2020 - 21:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msfeedssync.exe
20/2/2020 - 21:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msinfo32.exe
20/2/2020 - 21:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msinfo32.exe
20/2/2020 - 21:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msinfo32.exe
20/2/2020 - 21:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msinfo32.exe
20/2/2020 - 21:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mtstocom.exe
20/2/2020 - 21:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mtstocom.exe
20/2/2020 - 21:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mtstocom.exe
20/2/2020 - 21:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mtstocom.exe
20/2/2020 - 21:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NAPSTAT.EXE
20/2/2020 - 21:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NAPSTAT.EXE
20/2/2020 - 21:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NAPSTAT.EXE
20/2/2020 - 21:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NAPSTAT.EXE
20/2/2020 - 21:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netbtugc.exe
20/2/2020 - 21:45:44.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netbtugc.exe
20/2/2020 - 21:45:44.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netbtugc.exe
20/2/2020 - 21:45:44.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netbtugc.exe
20/2/2020 - 21:45:44.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netsh.exe
20/2/2020 - 21:45:44.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netsh.exe
20/2/2020 - 21:45:44.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netsh.exe
20/2/2020 - 21:45:44.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netsh.exe
20/2/2020 - 21:45:44.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nl-NL
20/2/2020 - 21:45:44.153 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nl-NL
20/2/2020 - 21:45:44.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nl-NL
20/2/2020 - 21:45:44.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nslookup.exe
20/2/2020 - 21:45:44.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nslookup.exe
20/2/2020 - 21:45:44.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nslookup.exe
20/2/2020 - 21:45:44.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nslookup.exe
20/2/2020 - 21:45:44.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntoskrnl.exe
20/2/2020 - 21:45:44.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntoskrnl.exe
20/2/2020 - 21:45:44.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntoskrnl.exe
20/2/2020 - 21:45:44.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntoskrnl.exe
20/2/2020 - 21:45:44.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntprint.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntprint.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntprint.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntprint.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ocsetup.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ocsetup.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ocsetup.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ocsetup.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\odbcconf.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\odbcconf.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\odbcconf.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\odbcconf.exe
20/2/2020 - 21:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe
20/2/2020 - 21:45:44.387 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe | openfiles.exe
20/2/2020 - 21:45:44.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe
20/2/2020 - 21:45:44.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe
20/2/2020 - 21:45:44.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe
20/2/2020 - 21:45:44.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\osk.exe
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\osk.exe
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\osk.exe
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\osk.exe
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PATHPING.EXE
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PATHPING.EXE
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PATHPING.EXE
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PATHPING.EXE
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\perfhost.exe
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\perfhost.exe
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\perfhost.exe
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\perfhost.exe
20/2/2020 - 21:45:44.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\printui.exe
20/2/2020 - 21:45:44.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\printui.exe
20/2/2020 - 21:45:44.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\printui.exe
20/2/2020 - 21:45:44.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\printui.exe
20/2/2020 - 21:45:44.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR
20/2/2020 - 21:45:44.481 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR
20/2/2020 - 21:45:44.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PushPrinterConnections.exe
20/2/2020 - 21:45:44.528 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PushPrinterConnections.exe | PushPrinterConnections.exe
20/2/2020 - 21:45:44.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PushPrinterConnections.exe
20/2/2020 - 21:45:44.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PushPrinterConnections.exe
20/2/2020 - 21:45:44.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PushPrinterConnections.exe
20/2/2020 - 21:45:44.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasdial.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasdial.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasdial.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasdial.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe
20/2/2020 - 21:45:44.575 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe | rdrleakdiag.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Recovery
20/2/2020 - 21:45:44.575 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Recovery
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sbunattend.exe
20/2/2020 - 21:45:44.575 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sbunattend.exe | sbunattend.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sbunattend.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sbunattend.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sbunattend.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sdchange.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sdchange.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sdchange.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sdchange.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchProtocolHost.exe
20/2/2020 - 21:45:44.575 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchProtocolHost.exe | SearchProtocolHost.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchProtocolHost.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchProtocolHost.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SearchProtocolHost.exe
20/2/2020 - 21:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SecEdit.exe
20/2/2020 - 21:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SecEdit.exe
20/2/2020 - 21:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SecEdit.exe
20/2/2020 - 21:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SecEdit.exe
20/2/2020 - 21:45:44.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SetIEInstalledDate.exe
20/2/2020 - 21:45:44.684 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SetIEInstalledDate.exe | SetIEInstalledDate.exe
20/2/2020 - 21:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SetIEInstalledDate.exe
20/2/2020 - 21:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SetIEInstalledDate.exe
20/2/2020 - 21:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SetIEInstalledDate.exe
20/2/2020 - 21:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Setup
20/2/2020 - 21:45:44.684 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Setup
20/2/2020 - 21:45:44.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Setup
20/2/2020 - 21:45:44.747Open1480C:\malware.exeC:\Windows\SysWOW64\setx.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\setx.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\setx.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\setx.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\sl-SI
20/2/2020 - 21:45:44.793Unknown1480C:\malware.exeC:\Windows\SysWOW64\sl-SI
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\SndVol.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\SndVol.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\SndVol.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\SndVol.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\sort.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\sort.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\sort.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\sort.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\syskey.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\syskey.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\syskey.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\syskey.exe
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\sysprep
20/2/2020 - 21:45:44.793Unknown1480C:\malware.exeC:\Windows\SysWOW64\sysprep
20/2/2020 - 21:45:44.793Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exe
20/2/2020 - 21:45:44.840Unknown1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exeSystemPropertiesComputerName.exe
20/2/2020 - 21:45:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exe
20/2/2020 - 21:45:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exe
20/2/2020 - 21:45:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exe
20/2/2020 - 21:45:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesHardware.exe
20/2/2020 - 21:45:44.887Unknown1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesHardware.exeSystemPropertiesHardware.exe
20/2/2020 - 21:45:44.887Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesHardware.exe
20/2/2020 - 21:45:44.887Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesHardware.exe
20/2/2020 - 21:45:44.887Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesHardware.exe
20/2/2020 - 21:45:44.887Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.934Unknown1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesPerformance.exeSystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.934Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.934Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.934Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.934Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exe
20/2/2020 - 21:45:44.981Unknown1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exeSystemPropertiesRemote.exe
20/2/2020 - 21:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exe
20/2/2020 - 21:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exe
20/2/2020 - 21:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesRemote.exe
20/2/2020 - 21:45:44.981Open1480C:\malware.exeC:\Windows\SysWOW64\taskkill.exe
20/2/2020 - 21:45:45.28Open1480C:\malware.exeC:\Windows\SysWOW64\taskkill.exe
20/2/2020 - 21:45:45.28Open1480C:\malware.exeC:\Windows\SysWOW64\taskkill.exe
20/2/2020 - 21:45:45.28Open1480C:\malware.exeC:\Windows\SysWOW64\taskkill.exe
20/2/2020 - 21:45:45.28Open1480C:\malware.exeC:\Windows\SysWOW64\tasklist.exe
20/2/2020 - 21:45:45.28Open1480C:\malware.exeC:\Windows\SysWOW64\tasklist.exe
20/2/2020 - 21:45:45.28Open1480C:\malware.exeC:\Windows\SysWOW64\tasklist.exe
20/2/2020 - 21:45:45.28Open1480C:\malware.exeC:\Windows\SysWOW64\tasklist.exe
20/2/2020 - 21:45:45.28Open1480C:\malware.exeC:\Windows\SysWOW64\timeout.exe
20/2/2020 - 21:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\timeout.exe
20/2/2020 - 21:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\timeout.exe
20/2/2020 - 21:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\timeout.exe
20/2/2020 - 21:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\uk-UA
20/2/2020 - 21:45:45.75Unknown1480C:\malware.exeC:\Windows\SysWOW64\uk-UA
20/2/2020 - 21:45:45.75Open1480C:\malware.exeC:\Windows\SysWOW64\verifier.exe
20/2/2020 - 21:45:45.122Open1480C:\malware.exeC:\Windows\SysWOW64\verifier.exe
20/2/2020 - 21:45:45.122Open1480C:\malware.exeC:\Windows\SysWOW64\verifier.exe
20/2/2020 - 21:45:45.122Open1480C:\malware.exeC:\Windows\SysWOW64\verifier.exe
20/2/2020 - 21:45:45.122Open1480C:\malware.exeC:\Windows\SysWOW64\wevtutil.exe
20/2/2020 - 21:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\wevtutil.exe
20/2/2020 - 21:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\wevtutil.exe
20/2/2020 - 21:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\wevtutil.exe
20/2/2020 - 21:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exe
20/2/2020 - 21:45:45.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exewinrshost.exe
20/2/2020 - 21:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exe
20/2/2020 - 21:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exe
20/2/2020 - 21:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exe
20/2/2020 - 21:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\wscript.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\wscript.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\wscript.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\wscript.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\xpsrchvw.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\xpsrchvw.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\xpsrchvw.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\xpsrchvw.exe
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\XPSViewer
20/2/2020 - 21:45:45.215Unknown1480C:\malware.exeC:\Windows\SysWOW64\XPSViewer
20/2/2020 - 21:45:45.215Open1480C:\malware.exeC:\Windows\SysWOW64\zh-CN
20/2/2020 - 21:45:45.215Read1480C:\malware.exeC:\Windows\SysWOW64\zh-CN
20/2/2020 - 21:45:45.262Unknown1480C:\malware.exeC:\Windows\SysWOW64\zh-CN
20/2/2020 - 21:45:45.262Open1480C:\malware.exeC:\Windows\SysWOW64\zh-HK
20/2/2020 - 21:45:45.262Read1480C:\malware.exeC:\Windows\SysWOW64\zh-HK
20/2/2020 - 21:45:45.309Unknown1480C:\malware.exeC:\Windows\SysWOW64\zh-HK
20/2/2020 - 21:45:45.309Unknown1480C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\$Recycle.Bin
20/2/2020 - 21:45:45.309Unknown1480C:\malware.exeC:\$Recycle.Bin
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Arquivos de Programas
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Arquivos de Programas
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\PerfLogs
20/2/2020 - 21:45:45.309Unknown1480C:\malware.exeC:\PerfLogs
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Windows\bfsvc.exe
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Windows\bfsvc.exe
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Windows\bfsvc.exe
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Windows\bfsvc.exe
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Windows\Branding
20/2/2020 - 21:45:45.309Unknown1480C:\malware.exeC:\Windows\Branding
20/2/2020 - 21:45:45.309Open1480C:\malware.exeC:\Windows\HelpPane.exe
20/2/2020 - 21:45:45.356Open1480C:\malware.exeC:\Windows\HelpPane.exe
20/2/2020 - 21:45:45.356Open1480C:\malware.exeC:\Windows\HelpPane.exe
20/2/2020 - 21:45:45.356Open1480C:\malware.exeC:\Windows\HelpPane.exe
20/2/2020 - 21:45:45.356Open1480C:\malware.exeC:\Windows\ModemLogs
20/2/2020 - 21:45:45.356Unknown1480C:\malware.exeC:\Windows\ModemLogs
20/2/2020 - 21:45:45.356Open1480C:\malware.exeC:\Windows\Panther
20/2/2020 - 21:45:45.356Open1480C:\malware.exeC:\Windows\Panther\setup.exe
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\Panther\setup.exe
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\Panther
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\PolicyDefinitions
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\PolicyDefinitions\en-US
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\PolicyDefinitions\en-US
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\PolicyDefinitions
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\Registration
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\Registration\CRMLog
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\Registration\CRMLog
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\Registration
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\SoftwareDistribution
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\SoftwareDistribution
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\splwow64.exe
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\splwow64.exe
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\splwow64.exe
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\splwow64.exe
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\system
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\system
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\TAPI
20/2/2020 - 21:45:45.403Unknown1480C:\malware.exeC:\Windows\TAPI
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\Temp
20/2/2020 - 21:45:45.403Open1480C:\malware.exeC:\Windows\Temp\FirstUX
20/2/2020 - 21:45:45.450Read1480C:\malware.exeC:\Windows\Temp\FirstUX
20/2/2020 - 21:45:45.497Read1480C:\malware.exeC:\Windows\Temp\FirstUX
20/2/2020 - 21:45:45.543Read1480C:\malware.exeC:\Windows\Temp\FirstUX
20/2/2020 - 21:45:45.590Read1480C:\malware.exeC:\Windows\Temp\FirstUX
20/2/2020 - 21:45:45.637Unknown1480C:\malware.exeC:\Windows\Temp\FirstUX
20/2/2020 - 21:45:45.637Unknown1480C:\malware.exeC:\Windows\Temp
20/2/2020 - 21:45:45.637Open1480C:\malware.exeC:\Windows\tracing
20/2/2020 - 21:45:45.637Unknown1480C:\malware.exeC:\Windows\tracing
20/2/2020 - 21:45:45.637Open1480C:\malware.exeC:\Windows\twunk_32.exe
20/2/2020 - 21:45:45.637Open1480C:\malware.exeC:\Windows\twunk_32.exe
20/2/2020 - 21:45:45.637Open1480C:\malware.exeC:\Windows\twunk_32.exe
20/2/2020 - 21:45:45.637Open1480C:\malware.exeC:\Windows\twunk_32.exe
20/2/2020 - 21:45:45.637Open1480C:\malware.exeC:\Windows\Vss
20/2/2020 - 21:45:45.637Unknown1480C:\malware.exeC:\Windows\Vss
20/2/2020 - 21:45:45.637Open1480C:\malware.exeC:\Windows\write.exe
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Windows\write.exe
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Windows\write.exe
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Windows\write.exe
20/2/2020 - 21:45:45.684Unknown1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:45.684Unknown1480C:\malware.exeC:\
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:45.684Unknown1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Documents and Settings
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Documents and Settings
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:45.684Unknown1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\PerfLogs
20/2/2020 - 21:45:45.684Unknown1480C:\malware.exeC:\PerfLogs
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\ProgramData
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\ProgramData\Dados de aplicativos
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\ProgramData\Favoritos
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\ProgramData\Favoritos
20/2/2020 - 21:45:45.684Unknown1480C:\malware.exeC:\ProgramData
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:45.684Open1480C:\malware.exeC:\Windows\BitLockerDiscoveryVolumeContents
20/2/2020 - 21:45:45.684Read1480C:\malware.exeC:\Windows\BitLockerDiscoveryVolumeContents
20/2/2020 - 21:45:45.731Read1480C:\malware.exeC:\Windows\BitLockerDiscoveryVolumeContents
20/2/2020 - 21:45:45.778Unknown1480C:\malware.exeC:\Windows\BitLockerDiscoveryVolumeContents
20/2/2020 - 21:45:45.778Open1480C:\malware.exeC:\Windows\debug
20/2/2020 - 21:45:45.778Unknown1480C:\malware.exeC:\Windows\debug
20/2/2020 - 21:45:45.778Open1480C:\malware.exeC:\Windows\DigitalLocker
20/2/2020 - 21:45:45.778Unknown1480C:\malware.exeC:\Windows\DigitalLocker
20/2/2020 - 21:45:45.778Open1480C:\malware.exeC:\Windows\Downloaded Program Files
20/2/2020 - 21:45:45.778Unknown1480C:\malware.exeC:\Windows\Downloaded Program Files
20/2/2020 - 21:45:45.778Open1480C:\malware.exeC:\Windows\fveupdate.exe
20/2/2020 - 21:45:45.778Unknown1480C:\malware.exeC:\Windows\fveupdate.exefveupdate.exe
20/2/2020 - 21:45:45.778Open1480C:\malware.exeC:\Windows\fveupdate.exe
20/2/2020 - 21:45:45.778Open1480C:\malware.exeC:\Windows\fveupdate.exe
20/2/2020 - 21:45:45.778Open1480C:\malware.exeC:\Windows\fveupdate.exe
20/2/2020 - 21:45:45.778Open1480C:\malware.exeC:\Windows\hh.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\hh.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\hh.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\hh.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\Microsoft.NET
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\Microsoft.NET
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\ModemLogs
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\ModemLogs
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\notepad.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\notepad.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\notepad.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\notepad.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\PLA
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\PLA
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\Prefetch
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\Prefetch
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\pt-BR
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\pt-BR
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\pt-BR
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\regedit.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\regedit.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\regedit.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\regedit.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\Setup
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\Setup
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\splwow64.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\splwow64.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\splwow64.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\splwow64.exe
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\Tasks
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\Tasks
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\Web
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows\Web
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:45.825Unknown1480C:\malware.exeC:\
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
20/2/2020 - 21:45:45.825Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\CRYPTSP.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
20/2/2020 - 21:45:45.965Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\RpcRtRemote.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
20/2/2020 - 21:45:45.965Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
20/2/2020 - 21:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
20/2/2020 - 21:45:45.965Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll

Process Trace

Analysis
Reason: Timeout

Status: Successfully Executed

Results: 1

Registry Trace

File Summary
Created - Identified: False
Deleted - Identified: False

Process Summary
Created - Identified: False
Deleted - Identified: False

Registry Summary
Proxy - Identified: False
AutoRun - Identified: False
Created - Identified: False
Deleted - Identified: False
Browsers - Identified: False
Internet - Identified: False


DNS
Query
Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware): confidence 66.67%, suspicious: False
Decision Tree (NFS-BRMalware): confidence 100.00%, suspicious: True
SVC (Kernel=Linear, NFS-BRMalware): confidence 100.00%, suspicious: False
MalConv (Ember: Raw Bytes, Threshold=0.5): confidence 97.14%, suspicious: True
Random Forest (100 estimators, NFS-BRMalware): confidence 64.71%, suspicious: True
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35): confidence 93.91%, suspicious: False
LightGBM (Ember: File Characteristics, Threshold=0.8336): confidence 99.65%, suspicious: False
