Report #7089

  • Creation Date: Feb. 20, 2020, 4:38 p.m.
  • Last Update: Feb. 20, 2020, 10:48 p.m.
  • File: utilman.exe
  • Results:
Binary
DLL: False
Size: 51.00KB
trid:
  64.5% Win32 Executable MS Visual C++
  13.6% Win32 Dynamic Link Library
  9.3% Win32 Executable
  4.1% OS/2 Executable
  4.1% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 7de5631dacefd94209c8cedfbdeb8021
sha1: db3b3f6804c09e1a2bb37ae8c2d22c2f42b64617
crc32: 0x2bbe22e8
sha224: 8dbda163295bd4f1c0316ce8703b5ed652c2f32ae4b4b28de64e66f7
sha256: a4a5120d977858c3a9300415c989413fb252fa45074f6d93253907f97b26fc1b
sha384: 36d0974f309892ed3e573965715c5b8af36479e69570b2e0bdfc853912026f4ff7d14c7442998e13872039cc74d938fd
sha512: 6dbd329e47d4b6de851f0bf43f5eaace7d99d2d624b4b33a509c18dd44434fa48597d1444a2a04fd83e6e7d1d58c3fa9b4b09a63da920db534c591c3d1233c13
ssdeep: 768:G1e0cukwxpWNwg+JXDJ+N5jk7VSBqqMdoTC35MDLvoroZ4h/:2xpW1oTKI7VeLMdoTCpZrom9
Community
Google: False
HashLib: False
YARA
Matches: maldoc_getEIP_method_1, domain, contentis_base64, IP, HasRichSignature, win_files_operation, win_registry, HasDebugData, win_token, IsPE32, IsWindowsGUI

Suspicious: True

Strings
List
UtilMan.pdb
WINSTA.dll
WINSTA.dll
Software\Microsoft\Windows NT\CurrentVersion\Accessibility\Utility Manager
<assemblyIdentity name="Microsoft.Windows.Accessibility.UtilityManager" version="5.1.0.0" type="win32" processorArchitecture="x86"/>
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
NETAPI32.dll
NETAPI32.dll
USERENV.dll
USERENV.dll
wtsapi32.dll
ntdll.dll
gUManDlg.dll
Software\Microsoft\Utility Manager
UtilMan.exe
UtilMan.exe
Start with Utility Manager
OOBE is running
name="Microsoft.Windows.Common-Controls"
ErrorOnLaunch
_wcsnicmp
_wcsicmp
\pipe\winlogonrpc
u.VSSh
publicKeyToken="6595b64144ccf1df"
Exception: Code %8.8x Flags %8.8x Address %8.8x
-= XOR 2009 Valhalla =- Assembled 1997 .. Activated 07.2002 - devoted for peace and harmony in universe against war, racism, terrorism and cruel brutality .. remember .. life is the most important thing - not money .. it's time for a revolution NOW ....
_acmdln
GetProcAddress
UtilityManagerClientDataFile
UtilityManagerClientHeaderFile
CreateEventW
CreateProcessW
OpenProcess
TerminateProcess
EnumProcesses
EnumProcessModules
CreateProcessAsUserW
CoCreateInstance
MapViewOfFile
ControlService
RegCreateKeyExW
CreateFileMappingW
RegSetValueExW
StartServiceW
OpenSCManagerW
GetModuleFileNameW
FreeLibrary
RegEnumKeyW
RegQueryValueExW
QueryPerformanceCounter
OpenServiceW
LoadLibraryW
RegOpenKeyExW
GetModuleHandleA
CreateFileW
Utility Manager
WinSta0
GetTickCount
SetTimer
debug
Sleep
<description>Utility Manager</description>
WinSta0_DesktopSwitch
_wsplitpath
version="6.0.0.0"
StopUtilityManagerEvent
UtilityManagerIsActiveEvent
UtilityManagerDesktopChanged
__p__commode
_except_handler3
language="*"
ELD++BBIPBPUVUVVUKKIIII++++KKKPK9)XU:)N
type="win32"
_initterm
ARVTO@@@@@@CCCNNNNSSSSSSSNNNC@@@@@@@@@CPUO
__p__fmode
|GetTickCount
<dependentAssembly>
|GlobalLock
|GlobalAlloc
|GlobalFree
|FindClose
|FindNextFileA
|GetFileAttributesA
|SetFileAttributesA
screen-saver
<assemblyIdentity
__setusermatherr
|FindFirstFileA
</dependentAssembly>
_controlfp
FWZVY@S@@Y@YVTSSOOMOMMDCV\B
__set_app_type
|GetSystemDirectoryA
+-,.4031652,
__getmainargs
_XcptFilter
<dependency>
_adjust_fdiv

Foremost
Matches: 0.exe, 51 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed:
Suspicious:
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed:
Suspicious:
hasAllowed: False
hasSuspicious: False

Files
Allowed: gUManDlg.dll, wtsapi32.dll, WINSTA.dll, ntdll.dll, ADVAPI32.dll, ole32.dll, USER32.dll, RPCRT4.dll, PSAPI.DLL, msvcrt.dll, NETAPI32.dll, USERENV.dll, KERNEL32.dll
hasFiles: True
Suspicious:
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 27136
Suspicious: False
Image
Address: 16777216
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 107954
Suspicious: False

Sections
Allowed: .text, .data, .rsrc, xor
Suspicious:
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: False
Linker
Version: 7.10
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 61440
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: wtsapi32.dll, winsta.dll, ntdll.dll, advapi32.dll, ole32.dll, user32.dll, rpcrt4.dll, psapi.dll, msvcrt.dll, netapi32.dll, userenv.dll, kernel32.dll
hasLibs: True
Suspicious: gumandlg.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2008-04-13 15:36:12
Future: False

Compilation
Packed: False
Missing: True
Packers:
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: False
Tricks:
AVclass
xorala: 1
VirusTotal
md5: 7de5631dacefd94209c8cedfbdeb8021
sha1: db3b3f6804c09e1a2bb37ae8c2d22c2f42b64617
SCANS (DETECTION RATE = 92.65%)
AVG
result: Win32:Valla
update: 20180216
version: 18.1.3800.0
detected: True

CMC
result: Virus.Win32!O
update: 20180216
version: 1.1.0.977
detected: True

MAX
result: malware (ai score=100)
update: 20180216
version: 2017.11.15.1
detected: True

Bkav
result: W32.Valla
update: 20180212
version: 1.3.0.9466
detected: True

K7GW
result: Virus ( 0008d6e31 )
update: 20180216
version: 10.40.26234
detected: True

ALYac
result: Win32.Valhalla.2048
update: 20180216
version: 1.1.1.5
detected: True

Avast
result: Win32:Valla
update: 20180216
version: 18.1.3800.0
detected: True

Avira
result: W32/Xorala.b
update: 20180216
version: 8.3.3.6
detected: True

Baidu
result: Win32.Virus.Xorala.a
update: 20180208
version: 1.0.0.2
detected: True

Cyren
result: W32/Harmony.A
update: 20180216
version: 5.4.30.7
detected: True

DrWeb
result: Win32.Valhala.2048
update: 20180216
version: 7.0.28.2020
detected: True

GData
result: Win32.Virus.Xorala.A
update: 20180216
version: A:25.16049B:25.11597
detected: True

Panda
result: W32/Valla.2048
update: 20180216
version: 4.6.4.2
detected: True

VBA32
result: Win32.Xoralda.2048
update: 20180216
version: 3.12.28.0
detected: True

VIPRE
result: Virus.Win32.Valla.a (v)
update: 20180216
version: 64642
detected: True

Zoner
result: Win32.Xorala.A
update: 20180216
version: 1.0
detected: True

AVware
result: Virus.Win32.Valla.a (v)
update: 20180216
version: 1.5.0.42
detected: True

ClamAV
result: Win.Trojan.Xorala-1
update: 20180216
version: 0.99.2.0
detected: True

Comodo
result: Virus.Win32.Xorala.b0
update: 20180216
version: 28535
detected: True

F-Prot
result: W32/Harmony.A
update: 20180216
version: 4.7.1.166
detected: True

Ikarus
result: Win32.Xorala
update: 20180216
version: 0.1.5.2
detected: True

McAfee
result: W32/Valla.a
update: 20180216
version: 6.0.6.653
detected: True

Rising
result: Win32.Xorala.a (CLASSIC)
update: 20180216
version: 25.0.0.1
detected: True

Sophos
result: W32/Rox-A
update: 20180216
version: 4.98.0
detected: True

Yandex
result: Win32.Xorala
update: 20180216
version: 5.5.1.3
detected: True

Zillya
result: Virus.Xorala.Win32.1
update: 20180216
version: 2.0.0.3493
detected: True

Arcabit
result: Win32.Valhalla.2048
update: 20180216
version: 1.0.0.830
detected: True

Cylance
result: Unsafe
update: 20180216
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180214
version: 1.2.0
detected: True

Tencent
result: Virus.Win32.Valla.a
update: 20180216
version: 1.0.0.1
detected: True

ViRobot
result: Win32.Valla.2048
update: 20180216
version: 2014.3.20.0
detected: True

Webroot
update: 20180216
version: 1.0.0.207
detected: False

eGambit
update: 20180216
version: v4.3.4
detected: False

Ad-Aware
result: Win32.Valhalla.2048
update: 20180216
version: 3.0.3.1010
detected: True

AegisLab
result: W32.W.Runouce.l4QL
update: 20180216
version: 4.2
detected: True

Emsisoft
result: Win32.Valhalla.2048 (B)
update: 20180216
version: 4.0.2.899
detected: True

F-Secure
result: Win32.Valhalla.2048
update: 20180216
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Valla.2048
update: 20180216
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
result: Hacktool/VB.ASPX.a
update: 20180216
version: 16.0.100
detected: True

Kingsoft
result: Win32.Xorala.2048
update: 20180216
version: 2013.8.14.323
detected: True

Paloalto
result: generic.ml
update: 20180216
version: 1.0
detected: True

Symantec
result: W32.Valla.2048
update: 20180216
version: 1.5.0.0
detected: True

nProtect
result: Virus/W32.Valla
update: 20180216
version: 2018-02-16.02
detected: True

AhnLab-V3
result: Win32/Valla.2048
update: 20180216
version: 3.11.3.19504
detected: True

Antiy-AVL
result: Virus/Win32.Xorala.b
update: 20180216
version: 3.0.0.1
detected: True

Kaspersky
result: Virus.Win32.Xorala
update: 20180216
version: 15.0.1.13
detected: True

Microsoft
result: Virus:Win32/Valla.2048
update: 20180216
version: 1.1.14500.5
detected: True

Qihoo-360
result: Virus.Win32.Agent.A
update: 20180216
version: 1.0.0.1120
detected: True

TheHacker
result: W32/Valla.a
update: 20180213
version: 6.8.0.5.2403
detected: True

ZoneAlarm
result: Virus.Win32.Xorala
update: 20180216
version: 1.0
detected: True

Cybereason
result: malicious.dacefd
update: 20180205
version: 1.2.27
detected: True

ESET-NOD32
result: Win32/Xorala.A
update: 20180216
version: 16915
detected: True

TrendMicro
result: PE_VALLA.A
update: 20180216
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180205
detected: False

BitDefender
result: Win32.Valhalla.2048
update: 20180216
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_100% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Virus ( 0008d6e31 )
update: 20180216
version: 10.40.26233
detected: True

SentinelOne
result: static engine - malicious
update: 20180115
version: 1.0.12.202
detected: True

Avast-Mobile
update: 20180216
version: 180216-02
detected: False

Malwarebytes
result: Virus.Valhalla
update: 20180216
version: 2.1.1.1115
detected: True

TotalDefense
result: Win32/Valla.2048
update: 20180216
version: 37.1.62.1
detected: True

CAT-QuickHeal
result: W32.Xorala
update: 20180216
version: 14.00
detected: True

NANO-Antivirus
result: Virus.Win32.Xorala.cbehdj
update: 20180216
version: 1.0.100.21498
detected: True

MicroWorld-eScan
result: Win32.Valhalla.2048
update: 20180216
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180216
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Ramnit.qh
update: 20180216
version: v2015
detected: True

TrendMicro-HouseCall
result: PE_VALLA.A
update: 20180216
version: 9.950.0.1006
detected: True

total: 68
sha256: a4a5120d977858c3a9300415c989413fb252fa45074f6d93253907f97b26fc1b
scan_id: a4a5120d977858c3a9300415c989413fb252fa45074f6d93253907f97b26fc1b-1518791314
resource: 7de5631dacefd94209c8cedfbdeb8021
positives: 63
scan_date: 2018-02-16 14:28:34
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Timestamp | Operation | PID | Process | Path | Detail
20/2/2020 - 21:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe | DevicePairingWizard.exe
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DevicePairingWizard.exe
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe
20/2/2020 - 21:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe | DeviceProperties.exe
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Dism
20/2/2020 - 21:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Dism\pt-BR
20/2/2020 - 21:45:43.606 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Dism\pt-BR
20/2/2020 - 21:45:43.653 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Dism\pt-BR
20/2/2020 - 21:45:43.653 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Dism
20/2/2020 - 21:45:43.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\doskey.exe
20/2/2020 - 21:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\doskey.exe
20/2/2020 - 21:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\doskey.exe
20/2/2020 - 21:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\doskey.exe
20/2/2020 - 21:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DpiScaling.exe
20/2/2020 - 21:45:43.747 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DpiScaling.exe | DpiScaling.exe
20/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DpiScaling.exe
20/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DpiScaling.exe
20/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DpiScaling.exe
20/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\drvinst.exe
20/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\drvinst.exe
20/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\drvinst.exe
20/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\drvinst.exe
20/2/2020 - 21:45:43.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dvdupgrd.exe
20/2/2020 - 21:45:43.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dvdupgrd.exe
20/2/2020 - 21:45:43.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dvdupgrd.exe
20/2/2020 - 21:45:43.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dvdupgrd.exe
20/2/2020 - 21:45:43.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\esentutl.exe
20/2/2020 - 21:45:43.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\esentutl.exe
20/2/2020 - 21:45:43.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\esentutl.exe
20/2/2020 - 21:45:43.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\esentutl.exe
20/2/2020 - 21:45:43.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\eventvwr.exe
20/2/2020 - 21:45:43.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\eventvwr.exe
20/2/2020 - 21:45:43.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\eventvwr.exe
20/2/2020 - 21:45:43.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\eventvwr.exe
20/2/2020 - 21:45:43.887 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\fr-FR
20/2/2020 - 21:45:43.887 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\fr-FR
20/2/2020 - 21:45:43.934 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\fr-FR
20/2/2020 - 21:45:43.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hdwwiz.exe
20/2/2020 - 21:45:43.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hdwwiz.exe
20/2/2020 - 21:45:43.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hdwwiz.exe
20/2/2020 - 21:45:43.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hdwwiz.exe
20/2/2020 - 21:45:43.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hr-HR
20/2/2020 - 21:45:43.981 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hr-HR
20/2/2020 - 21:45:43.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hu-HU
20/2/2020 - 21:45:43.981 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hu-HU
20/2/2020 - 21:45:44.28 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\hu-HU
20/2/2020 - 21:45:44.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ja-JP
20/2/2020 - 21:45:44.28 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ja-JP
20/2/2020 - 21:45:44.75 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ja-JP
20/2/2020 - 21:45:44.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ko-KR
20/2/2020 - 21:45:44.75 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ko-KR
20/2/2020 - 21:45:44.122 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ko-KR
20/2/2020 - 21:45:44.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mcbuilder.exe
20/2/2020 - 21:45:44.122 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mcbuilder.exe | mcbuilder.exe
20/2/2020 - 21:45:44.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mcbuilder.exe
20/2/2020 - 21:45:44.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mcbuilder.exe
20/2/2020 - 21:45:44.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mcbuilder.exe
20/2/2020 - 21:45:44.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\MRINFO.EXE
20/2/2020 - 21:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\MRINFO.EXE
20/2/2020 - 21:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\MRINFO.EXE
20/2/2020 - 21:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\MRINFO.EXE
20/2/2020 - 21:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msiexec.exe
20/2/2020 - 21:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msiexec.exe
20/2/2020 - 21:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msiexec.exe
20/2/2020 - 21:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msiexec.exe
20/2/2020 - 21:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msinfo32.exe
20/2/2020 - 21:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msinfo32.exe
20/2/2020 - 21:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msinfo32.exe
20/2/2020 - 21:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msinfo32.exe
20/2/2020 - 21:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msra.exe
20/2/2020 - 21:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msra.exe
20/2/2020 - 21:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msra.exe
20/2/2020 - 21:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msra.exe
20/2/2020 - 21:45:44.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nb-NO
20/2/2020 - 21:45:44.215 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nb-NO
20/2/2020 - 21:45:44.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nb-NO
20/2/2020 - 21:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\net1.exe
20/2/2020 - 21:45:44.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\net1.exe
20/2/2020 - 21:45:44.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\net1.exe
20/2/2020 - 21:45:44.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\net1.exe
20/2/2020 - 21:45:44.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\notepad.exe
20/2/2020 - 21:45:44.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\notepad.exe
20/2/2020 - 21:45:44.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\notepad.exe
20/2/2020 - 21:45:44.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\notepad.exe
20/2/2020 - 21:45:44.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\odbcconf.exe
20/2/2020 - 21:45:44.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\odbcconf.exe
20/2/2020 - 21:45:44.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\odbcconf.exe
20/2/2020 - 21:45:44.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\odbcconf.exe
20/2/2020 - 21:45:44.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe
20/2/2020 - 21:45:44.403 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe | openfiles.exe
20/2/2020 - 21:45:44.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe
20/2/2020 - 21:45:44.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe
20/2/2020 - 21:45:44.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\openfiles.exe
20/2/2020 - 21:45:44.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PATHPING.EXE
20/2/2020 - 21:45:44.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PATHPING.EXE
20/2/2020 - 21:45:44.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PATHPING.EXE
20/2/2020 - 21:45:44.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PATHPING.EXE
20/2/2020 - 21:45:44.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pcaui.exe
20/2/2020 - 21:45:44.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pcaui.exe
20/2/2020 - 21:45:44.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pcaui.exe
20/2/2020 - 21:45:44.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pcaui.exe
20/2/2020 - 21:45:44.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PresentationHost.exe
20/2/2020 - 21:45:44.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PresentationHost.exe | PresentationHost.exe
20/2/2020 - 21:45:44.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PresentationHost.exe
20/2/2020 - 21:45:44.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PresentationHost.exe
20/2/2020 - 21:45:44.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\PresentationHost.exe
20/2/2020 - 21:45:44.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\raserver.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\raserver.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\raserver.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\raserver.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe
20/2/2020 - 21:45:44.497 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe | rdrleakdiag.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rdrleakdiag.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\recover.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\recover.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\recover.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\recover.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\relog.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\relog.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\relog.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\relog.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\runas.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\runas.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\runas.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\runas.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sc.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sc.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sc.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sc.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sethc.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sethc.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sethc.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sethc.exe
20/2/2020 - 21:45:44.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\setx.exe
20/2/2020 - 21:45:44.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\setx.exe
20/2/2020 - 21:45:44.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\setx.exe
20/2/2020 - 21:45:44.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\setx.exe
20/2/2020 - 21:45:44.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shutdown.exe
20/2/2020 - 21:45:44.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shutdown.exe
20/2/2020 - 21:45:44.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shutdown.exe
20/2/2020 - 21:45:44.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shutdown.exe
20/2/2020 - 21:45:44.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SyncHost.exe
20/2/2020 - 21:45:44.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SyncHost.exe
20/2/2020 - 21:45:44.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SyncHost.exe
20/2/2020 - 21:45:44.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SyncHost.exe
20/2/2020 - 21:45:44.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.684 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SystemPropertiesPerformance.exe | SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SystemPropertiesPerformance.exe
20/2/2020 - 21:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\timeout.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\timeout.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\timeout.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\timeout.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wecutil.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wecutil.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wecutil.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wecutil.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wermgr.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wermgr.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wermgr.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wermgr.exe
20/2/2020 - 21:45:44.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:44.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:44.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:44.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:44.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wsmprovhost.exe
20/2/2020 - 21:45:44.825 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wsmprovhost.exe | wsmprovhost.exe
20/2/2020 - 21:45:44.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wsmprovhost.exe
20/2/2020 - 21:45:44.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wsmprovhost.exe
20/2/2020 - 21:45:44.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wsmprovhost.exe
20/2/2020 - 21:45:44.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wusa.exe
20/2/2020 - 21:45:44.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wusa.exe
20/2/2020 - 21:45:44.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wusa.exe
20/2/2020 - 21:45:44.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wusa.exe
20/2/2020 - 21:45:44.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xcopy.exe
20/2/2020 - 21:45:44.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xcopy.exe
20/2/2020 - 21:45:44.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xcopy.exe
20/2/2020 - 21:45:44.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xcopy.exe
20/2/2020 - 21:45:44.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\XPSViewer
20/2/2020 - 21:45:44.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\XPSViewer
20/2/2020 - 21:45:44.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xwizard.exe
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xwizard.exe
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xwizard.exe
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xwizard.exe
20/2/2020 - 21:45:44.918 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\tracing
20/2/2020 - 21:45:44.918 | Unknown | 1480 | C:\malware.exe | C:\Windows\tracing
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\Vss
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\Vss\Writers
20/2/2020 - 21:45:44.918 | Unknown | 1480 | C:\malware.exe | C:\Windows\Vss\Writers
20/2/2020 - 21:45:44.918 | Unknown | 1480 | C:\malware.exe | C:\Windows\Vss
20/2/2020 - 21:45:44.918 | Unknown | 1480 | C:\malware.exe | C:\Windows
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\AdvancedInstallers
20/2/2020 - 21:45:44.918 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\AdvancedInstallers
20/2/2020 - 21:45:44.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\at.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\at.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\at.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\at.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\AtBroker.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\AtBroker.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\AtBroker.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\AtBroker.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cacls.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cacls.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cacls.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cacls.exe
20/2/2020 - 21:45:44.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\CertEnrollCtrl.exe
20/2/2020 - 21:45:45.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\CertEnrollCtrl.exe | CertEnrollCtrl.exe
20/2/2020 - 21:45:45.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\CertEnrollCtrl.exe
20/2/2020 - 21:45:45.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\CertEnrollCtrl.exe
20/2/2020 - 21:45:45.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\CertEnrollCtrl.exe
20/2/2020 - 21:45:45.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\chkdsk.exe
20/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\chkdsk.exe
20/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\chkdsk.exe
20/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\chkdsk.exe
20/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\chkntfs.exe
20/2/2020 - 21:45:45.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\chkntfs.exe
20/2/2020 - 21:45:45.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\chkntfs.exe
20/2/2020 - 21:45:45.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\chkntfs.exe
20/2/2020 - 21:45:45.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cipher.exe
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cipher.exe
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cipher.exe
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cipher.exe
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\clip.exe
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\clip.exe
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\clip.exe
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\clip.exe
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\compact.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\compact.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\compact.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\compact.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\convert.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\convert.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\convert.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\convert.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscript.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscript.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscript.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscript.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dcomcnfg.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dcomcnfg.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dcomcnfg.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dcomcnfg.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe
20/2/2020 - 21:45:45.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe | DeviceProperties.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DeviceProperties.exe
20/2/2020 - 21:45:45.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dialer.exe
20/2/2020 - 21:45:45.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dialer.exe
20/2/2020 - 21:45:45.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dialer.exe
20/2/2020 - 21:45:45.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dialer.exe
20/2/2020 - 21:45:45.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\diskpart.exe
20/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\diskpart.exe
20/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\diskpart.exe
20/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\diskpart.exe
20/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dpapimig.exe
20/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dpapimig.exe
20/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dpapimig.exe
20/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dpapimig.exe
20/2/2020 - 21:45:45.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DWWIN.EXE
20/2/2020 - 21:45:45.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DWWIN.EXE
20/2/2020 - 21:45:45.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DWWIN.EXE
20/2/2020 - 21:45:45.340Open1480C:\malware.exeC:\Windows\SysWOW64\DWWIN.EXE
20/2/2020 - 21:45:45.340Open1480C:\malware.exeC:\Windows\SysWOW64\efsui.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\efsui.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\efsui.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\efsui.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\eventcreate.exe
20/2/2020 - 21:45:45.387Unknown1480C:\malware.exeC:\Windows\SysWOW64\eventcreate.exeeventcreate.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\eventcreate.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\eventcreate.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\eventcreate.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\extrac32.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\extrac32.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\extrac32.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\extrac32.exe
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\fr-FR
20/2/2020 - 21:45:45.387Unknown1480C:\malware.exeC:\Windows\SysWOW64\fr-FR
20/2/2020 - 21:45:45.387Unknown1480C:\malware.exeC:\Windows\SysWOW64\fr-FR
20/2/2020 - 21:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\fsutil.exe
20/2/2020 - 21:45:45.434Open1480C:\malware.exeC:\Windows\SysWOW64\fsutil.exe
20/2/2020 - 21:45:45.434Open1480C:\malware.exeC:\Windows\SysWOW64\fsutil.exe
20/2/2020 - 21:45:45.434Open1480C:\malware.exeC:\Windows\SysWOW64\fsutil.exe
20/2/2020 - 21:45:45.434Open1480C:\malware.exeC:\Windows\SysWOW64\ftp.exe
20/2/2020 - 21:45:45.434Open1480C:\malware.exeC:\Windows\SysWOW64\ftp.exe
20/2/2020 - 21:45:45.434Open1480C:\malware.exeC:\Windows\SysWOW64\ftp.exe
20/2/2020 - 21:45:45.434Open1480C:\malware.exeC:\Windows\SysWOW64\ftp.exe
20/2/2020 - 21:45:45.434Open1480C:\malware.exeC:\Windows\SysWOW64\gpupdate.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\gpupdate.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\gpupdate.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\gpupdate.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\grpconv.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\grpconv.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\grpconv.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\grpconv.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\hdwwiz.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\hdwwiz.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\hdwwiz.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\hdwwiz.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\icsxml
20/2/2020 - 21:45:45.481Unknown1480C:\malware.exeC:\Windows\SysWOW64\icsxml
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\ieUnatt.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\ieUnatt.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\ieUnatt.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\ieUnatt.exe
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\InstallShield
20/2/2020 - 21:45:45.481Unknown1480C:\malware.exeC:\Windows\SysWOW64\InstallShield
20/2/2020 - 21:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\it-IT
20/2/2020 - 21:45:45.481Read1480C:\malware.exeC:\Windows\SysWOW64\it-IT
20/2/2020 - 21:45:45.528Unknown1480C:\malware.exeC:\Windows\SysWOW64\it-IT
20/2/2020 - 21:45:45.528Open1480C:\malware.exeC:\Windows\SysWOW64\ktmutil.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\ktmutil.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\ktmutil.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\ktmutil.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\LocationNotifications.exe
20/2/2020 - 21:45:45.575Unknown1480C:\malware.exeC:\Windows\SysWOW64\LocationNotifications.exeLocationNotifications.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\LocationNotifications.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\LocationNotifications.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\LocationNotifications.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\Magnify.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\Magnify.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\Magnify.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\Magnify.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\manifeststore
20/2/2020 - 21:45:45.575Unknown1480C:\malware.exeC:\Windows\SysWOW64\manifeststore
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\mshta.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\mshta.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\mshta.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\mshta.exe
20/2/2020 - 21:45:45.575Open1480C:\malware.exeC:\Windows\SysWOW64\MuiUnattend.exe
20/2/2020 - 21:45:45.622Unknown1480C:\malware.exeC:\Windows\SysWOW64\MuiUnattend.exeMuiUnattend.exe
20/2/2020 - 21:45:45.622Open1480C:\malware.exeC:\Windows\SysWOW64\MuiUnattend.exe
20/2/2020 - 21:45:45.622Open1480C:\malware.exeC:\Windows\SysWOW64\MuiUnattend.exe
20/2/2020 - 21:45:45.622Open1480C:\malware.exeC:\Windows\SysWOW64\MuiUnattend.exe
20/2/2020 - 21:45:45.622Open1480C:\malware.exeC:\Windows\SysWOW64\ndadmin.exe
20/2/2020 - 21:45:45.668Open1480C:\malware.exeC:\Windows\SysWOW64\ndadmin.exe
20/2/2020 - 21:45:45.668Open1480C:\malware.exeC:\Windows\SysWOW64\ndadmin.exe
20/2/2020 - 21:45:45.668Open1480C:\malware.exeC:\Windows\SysWOW64\ndadmin.exe
20/2/2020 - 21:45:45.668Open1480C:\malware.exeC:\Windows\SysWOW64\netiougc.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\netiougc.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\netiougc.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\netiougc.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\Netplwiz.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\Netplwiz.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\Netplwiz.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\Netplwiz.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\OptionalFeatures.exe
20/2/2020 - 21:45:45.715Unknown1480C:\malware.exeC:\Windows\SysWOW64\OptionalFeatures.exeOptionalFeatures.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\OptionalFeatures.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\OptionalFeatures.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\OptionalFeatures.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\Printing_Admin_Scripts
20/2/2020 - 21:45:45.715Unknown1480C:\malware.exeC:\Windows\SysWOW64\Printing_Admin_Scripts
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\recover.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\recover.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\recover.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\recover.exe
20/2/2020 - 21:45:45.715Open1480C:\malware.exeC:\Windows\SysWOW64\regedt32.exe
20/2/2020 - 21:45:45.762Open1480C:\malware.exeC:\Windows\SysWOW64\regedt32.exe
20/2/2020 - 21:45:45.762Open1480C:\malware.exeC:\Windows\SysWOW64\regedt32.exe
20/2/2020 - 21:45:45.762Open1480C:\malware.exeC:\Windows\SysWOW64\regedt32.exe
20/2/2020 - 21:45:45.762Open1480C:\malware.exeC:\Windows\SysWOW64\RMActivate.exe
20/2/2020 - 21:45:45.809Unknown1480C:\malware.exeC:\Windows\SysWOW64\RMActivate.exeRMActivate.exe
20/2/2020 - 21:45:45.809Open1480C:\malware.exeC:\Windows\SysWOW64\RMActivate.exe
20/2/2020 - 21:45:45.809Open1480C:\malware.exeC:\Windows\SysWOW64\RMActivate.exe
20/2/2020 - 21:45:45.809Open1480C:\malware.exeC:\Windows\SysWOW64\RMActivate.exe
20/2/2020 - 21:45:45.809Open1480C:\malware.exeC:\Windows\SysWOW64\RmClient.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\RmClient.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\RmClient.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\RmClient.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\ro-RO
20/2/2020 - 21:45:45.856Unknown1480C:\malware.exeC:\Windows\SysWOW64\ro-RO
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sdchange.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sdchange.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sdchange.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sdchange.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sethc.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sethc.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sethc.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sethc.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\shutdown.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\shutdown.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\shutdown.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\shutdown.exe
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sl-SI
20/2/2020 - 21:45:45.856Unknown1480C:\malware.exeC:\Windows\SysWOW64\sl-SI
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sysprep
20/2/2020 - 21:45:45.856Open1480C:\malware.exeC:\Windows\SysWOW64\sysprep\en-US
20/2/2020 - 21:45:45.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\sysprep\en-US
20/2/2020 - 21:45:45.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\sysprep
20/2/2020 - 21:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\systeminfo.exe
20/2/2020 - 21:45:45.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\systeminfo.exesysteminfo.exe
20/2/2020 - 21:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\systeminfo.exe
20/2/2020 - 21:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\systeminfo.exe
20/2/2020 - 21:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\systeminfo.exe
20/2/2020 - 21:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exe
20/2/2020 - 21:45:45.950Unknown1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exeSystemPropertiesComputerName.exe
20/2/2020 - 21:45:45.950Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exe
20/2/2020 - 21:45:45.950Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exe
20/2/2020 - 21:45:45.950Open1480C:\malware.exeC:\Windows\SysWOW64\SystemPropertiesComputerName.exe
20/2/2020 - 21:45:45.950Open1480C:\malware.exeC:\Windows\SysWOW64\takeown.exe
20/2/2020 - 21:45:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\takeown.exe
20/2/2020 - 21:45:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\takeown.exe
20/2/2020 - 21:45:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\takeown.exe
20/2/2020 - 21:45:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
20/2/2020 - 21:45:45.997Unknown1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exeUserAccountControlSettings.exe
20/2/2020 - 21:45:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
20/2/2020 - 21:45:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
20/2/2020 - 21:45:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\UserAccountControlSettings.exe
20/2/2020 - 21:45:45.997Open1480C:\malware.exeC:\Windows\SysWOW64\Utilman.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\Utilman.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\Utilman.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\Utilman.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\WerFault.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\WerFault.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\WerFault.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\WerFault.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\wermgr.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\wermgr.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\wermgr.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\wermgr.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exe
20/2/2020 - 21:45:46.43Unknown1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exewinrshost.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\winrshost.exe
20/2/2020 - 21:45:46.43Open1480C:\malware.exeC:\Windows\SysWOW64\wlanext.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\wlanext.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\wlanext.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\wlanext.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\write.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\wsmprovhost.exe
20/2/2020 - 21:45:46.90Unknown1480C:\malware.exeC:\Windows\SysWOW64\wsmprovhost.exewsmprovhost.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\wsmprovhost.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\wsmprovhost.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\wsmprovhost.exe
20/2/2020 - 21:45:46.90Open1480C:\malware.exeC:\Windows\SysWOW64\zh-TW
20/2/2020 - 21:45:46.90Read1480C:\malware.exeC:\Windows\SysWOW64\zh-TW
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Windows\SysWOW64\zh-TW
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Documents and Settings
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Documents and Settings
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\System Volume Information
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\Files
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\Files\DeletedFiles
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\Files
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCDController.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCD_Load_Use.exeWKCD_Load_Use.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCDController.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\WKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor\WKCDController.exeWKCDController.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\PerfLogs
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\PerfLogs
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Program Files
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Program Files
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Program Files (x86)\Internet Explorer
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Program Files (x86)\Internet Explorer
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Program Files (x86)\Uninstall Information
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Program Files (x86)\Uninstall Information
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Program Files (x86)\Windows Mail
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Program Files (x86)\Windows Mail
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Program Files (x86)\Windows Mail
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Program Files (x86)
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Documentos
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Documentos
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Documents
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Documents
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Package Cache
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
20/2/2020 - 21:45:46.137Read1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Read1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Read1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Write1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exevcredist_x86.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Monitor\PE
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\ProgramData\Package Cache
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Templates
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\ProgramData\Templates
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\ProgramData
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Recovery
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Recovery\cb520dab-4f12-11e8-9b22-525400842a13
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Recovery
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\System Volume Information
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\AppCompat
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Windows\AppCompat
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\bfsvc.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\bfsvc.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\bfsvc.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\bfsvc.exe
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\DigitalLocker
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\DigitalLocker\en-US
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Windows\DigitalLocker\en-US
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Windows\DigitalLocker
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\Downloaded Program Files
20/2/2020 - 21:45:46.137Unknown1480C:\malware.exeC:\Windows\Downloaded Program Files
20/2/2020 - 21:45:46.137Open1480C:\malware.exeC:\Windows\fveupdate.exe
20/2/2020 - 21:45:46.200Unknown1480C:\malware.exeC:\Windows\fveupdate.exefveupdate.exe
20/2/2020 - 21:45:46.200Open1480C:\malware.exeC:\Windows\fveupdate.exe
20/2/2020 - 21:45:46.200Open1480C:\malware.exeC:\Windows\fveupdate.exe
20/2/2020 - 21:45:46.200Open1480C:\malware.exeC:\Windows\fveupdate.exe
20/2/2020 - 21:45:46.200Open1480C:\malware.exeC:\Windows\L2Schemas
20/2/2020 - 21:45:46.200Read1480C:\malware.exeC:\Windows\L2Schemas
20/2/2020 - 21:45:46.247Unknown1480C:\malware.exeC:\Windows\L2Schemas
20/2/2020 - 21:45:46.247Open1480C:\malware.exeC:\Windows\Panther
20/2/2020 - 21:45:46.247Unknown1480C:\malware.exeC:\Windows\Panther
20/2/2020 - 21:45:46.247Unknown1480C:\malware.exeC:\Windows\Panther
20/2/2020 - 21:45:46.247Open1480C:\malware.exeC:\Windows\rescache
20/2/2020 - 21:45:46.247Unknown1480C:\malware.exeC:\Windows\rescache
20/2/2020 - 21:45:46.247Open1480C:\malware.exeC:\Windows\ServiceProfiles
20/2/2020 - 21:45:46.247Unknown1480C:\malware.exeC:\Windows\ServiceProfiles
20/2/2020 - 21:45:46.247Open1480C:\malware.exeC:\Windows\SoftwareDistribution
20/2/2020 - 21:45:46.247Unknown1480C:\malware.exeC:\Windows\SoftwareDistribution
20/2/2020 - 21:45:46.247Open1480C:\malware.exeC:\Windows\Speech
20/2/2020 - 21:45:46.247Unknown1480C:\malware.exeC:\Windows\Speech
20/2/2020 - 21:45:46.247Open1480C:\malware.exeC:\Windows\twunk_32.exe
20/2/2020 - 21:45:46.293Open1480C:\malware.exeC:\Windows\twunk_32.exe
20/2/2020 - 21:45:46.293Open1480C:\malware.exeC:\Windows\twunk_32.exe
20/2/2020 - 21:45:46.293Open1480C:\malware.exeC:\Windows\twunk_32.exe
20/2/2020 - 21:45:46.293Open1480C:\malware.exeC:\Windows\write.exe
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Windows\write.exe
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Windows\write.exe
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Windows\write.exe
20/2/2020 - 21:45:46.340Unknown1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Unknown1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Unknown1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Unknown1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Unknown1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Read1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Read1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Read1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Read1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Read1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Write1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Write1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Write1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Write1480C:\malware.exeC:\zip.exe
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Monitor\PE
20/2/2020 - 21:45:46.340Unknown1480C:\malware.exeC:\
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 21:45:46.340Unknown1480C:\malware.exeC:\Monitor
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 21:45:46.340Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\UManDlg.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\Windows\SysWOW64\UManDlg.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\Windows\system\UManDlg.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\Windows\UManDlg.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\Windows\SysWOW64\UManDlg.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\Windows\SysWOW64\UManDlg.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\Windows\UManDlg.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\UManDlg.dll
20/2/2020 - 21:45:46.387Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\UManDlg.dll
20/2/2020 - 21:45:46.387Unknown1480C:\malware.exeC:\Windows
20/2/2020 - 21:45:46.387Unknown1480C:\malware.exeC:\Windows\SysWOW64

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 99.93%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 88.16%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.47%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 58.25%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.88%
suspicious: False
