Report #7393

  • Creation Date: Feb. 21, 2020, 4:24 p.m.
  • Last Update: Feb. 22, 2020, 3:51 a.m.
  • File: mstd.exe
  • Results:

Binary
DLL: False
Size: 2.66MB
trid:
  33.4% OS/2 Executable
  33.0% Generic Win/DOS Executable
  32.9% DOS Executable Generic
  0.5% VXD Driver
type: PE
wordsize: 0
Subsystem: unknown

Hashes
md5: 22f5adeae0d3709a126899c71c8085cd
sha1: f7dc395a9e132f8607781d0bc9a8aecd48733dd4
crc32: 0x7341727d
sha224: 091e313b606ce30d3a0193fbed99ea4f362ad0ee114f9228964b9181
sha256: 0c26f2b0c8ee1445ddae002e74ada465e02dec4fd259fa83b3b16b87a8fb3399
sha384: 6eb614ffafc448634ab81bb733817f5f219f336ff07a0264cb5478f4937b099d2116597e447ec1063fbe0a1b546eed7d
sha512: af58889b485dc5eb089c05e03a172a4a6ed9cec5f5edb45ed46a53720ce3c59d88b10d5ccdc4870721f685f771e267840093ce0b16336cd1cc3885b63ffdff8d
ssdeep: 49152:hkLUqSNO3VlLqIc5zpK+/Q6ha6Xp61JWgeP/F05kmri0ac1n/1fP1dWP7:8Uqwojfc5rIH641JuXS5Urc1pP1dWT

Community
Google: False
HashLib: False

YARA
Matches: IsPacked, IsPE64, domain, contentis_base64, IsWindowsGUI
Suspicious: True

Strings
List
TFORM_SANTANDER_ITOKEN
TFORM_ITAUFISICA_ITOKEN
GetProcAddress
TFORM_ITAUEMPRESA_ITOKEN
This program must be run under Win32
TFORM_ITAUPERSONNALITE_ITOKEN
TFORM_ITAUPERSONNALITE_NASESENHA
VirtualAlloc

Foremost
Matches: None
Suspicious: False

Heuristics

IPs
hasIPs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

Files
Allowed: USER32.DLL, KERNEL32.dll, COMCTL32.DLL
Suspicious: none
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary

Sizes
RVA: 16 (Suspicious: False)
Code size: 2551808 (Suspicious: False)
Image address: 133300224 (Suspicious: False)
Stack: 16384 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious (overall): False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)

Directories
Number: 16 (Suspicious: False)

Checksum
Value: 0 (Suspicious: True)

Sections
Allowed: 8y3g23g, 8y3g23g, 8y3g23g, 8y3g23g, 8y3g23g, 8y3g23g, 8y3g23g, 8y3g23g, 8y3g23g, 8y3g23g
Suspicious: none
hasAllowed: True
hasSections: True
hasSuspicious: False
Versions
OS version: 5 (Suspicious: False)
Image version: 5 (Suspicious: False)
Linker version: 8.0 (Suspicious: False)
Subsystem version: 5.2 (Suspicious: False)
Suspicious (overall): False

EntryPoint
Address: 6286714 (Suspicious: False)

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, kernel32.dll, comctl32.dll
Suspicious: none
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Value: 2016-09-13 22:47:27
Valid: True
Past: False
Future: False

Compilation
Packed: False
Packers: none
Compiled: False
Compilers: none
Missing: True

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: False
Tricks: none

AVclass: None
1
VirusTotal
md5: 22f5adeae0d3709a126899c71c8085cd
sha1: f7dc395a9e132f8607781d0bc9a8aecd48733dd4

SCANS (DETECTION RATE = 77.94%)
Engine | Result | Version | Update | Detected
AVG | Win64:Malware-gen | 18.4.3895.0 | 20180810 | True
CMC | - | 1.1.0.977 | 20180810 | False
MAX | malware (ai score=100) | 2017.11.15.1 | 20180810 | True
Bkav | W64.HfsReno.A346 | 1.3.0.9466 | 20180810 | True
K7GW | Spyware ( 004f60791 ) | 10.57.28036 | 20180810 | True
ALYac | Trojan.GenericKD.3529529 | 1.1.1.5 | 20180810 | True
Avast | Win64:Malware-gen | 18.4.3895.0 | 20180810 | True
Avira | TR/Banker.53677 | 8.3.3.6 | 20180810 | True
Baidu | - | 1.0.0.2 | 20180810 | False
Cyren | W64/Banker.INJA-4735 | 6.0.0.4 | 20180810 | True
DrWeb | - | 7.0.33.6080 | 20180810 | False
GData | Win64.Trojan.Agent.WA5SR2 | A:25.18062B:25.12932 | 20180810 | True
Panda | Trj/WLT.C | 4.6.4.2 | 20180810 | True
VBA32 | TrojanBanker.Win64.Agent | 3.33.0 | 20180810 | True
VIPRE | Trojan.Win32.Generic!BT | 68728 | 20180810 | True
Zoner | Trojan.Banker | 1.0 | 20180810 | True
AVware | Trojan.Win32.Generic!BT | 1.6.0.52 | 20180810 | True
ClamAV | - | 0.100.1.0 | 20180810 | False
Comodo | - | - | 20180810 | False
F-Prot | W64/Banker2.AAV | 4.7.1.166 | 20180810 | True
Ikarus | Trojan.Win64.Spy | 0.1.5.2 | 20180810 | True
McAfee | Generic.zo | 6.0.6.653 | 20180810 | True
Rising | Spyware.Banker!8.8D (CLOUD) | 25.0.0.24 | 20180810 | True
Sophos | Mal/Generic-L | 4.98.0 | 20180810 | True
Yandex | TrojanSpy.Banker!VtG9S4LYavg | 5.5.1.3 | 20180810 | True
Zillya | Trojan.Banker.Win64.38 | 2.0.0.3613 | 20180809 | True
Arcabit | Trojan.Generic.D35DB39 | 1.0.0.831 | 20180810 | True
Babable | - | 9107201 | 20180725 | False
Cylance | Unsafe | 2.3.1.101 | 20180810 | True
Endgame | malicious (moderate confidence) | 3.0.1 | 20180730 | True
TACHYON | - | 2018-08-10.02 | 20180810 | False
Tencent | Win32.Trojan.Gen.Bmso | 1.0.0.1 | 20180810 | True
ViRobot | Trojan.Win64.S.Agent.2792960 | 2014.3.20.0 | 20180810 | True
Webroot | W32.Trojan.GenKD | 1.0.0.403 | 20180810 | True
eGambit | - | - | 20180810 | False
Ad-Aware | Trojan.GenericKD.3529529 | 3.0.5.370 | 20180810 | True
AegisLab | Trojan.Win64.Agent.7!c | 4.2 | 20180810 | True
Emsisoft | Trojan.GenericKD.3529529 (B) | 2018.4.0.1029 | 20180810 | True
F-Secure | Trojan.GenericKD.3529529 | 11.0.19100.45 | 20180810 | True
Fortinet | W64/Banker.AH!tr.spy | 5.4.247.0 | 20180810 | True
Invincea | heuristic | 6.3.5.26121 | 20180717 | True
Jiangmin | Trojan.Banker.Agent.ul | 16.0.100 | 20180810 | True
Kingsoft | - | 2013.8.14.323 | 20180810 | False
Paloalto | generic.ml | 1.0 | 20180810 | True
Symantec | Trojan.Gen | 1.6.0.0 | 20180810 | True
AhnLab-V3 | Trojan/Win64.Agent.C1567485 | 3.13.1.21616 | 20180810 | True
Antiy-AVL | Trojan/Win32.TSGeneric | 3.0.0.1 | 20180810 | True
Kaspersky | Trojan-Banker.Win64.Agent.gy | 15.0.1.13 | 20180810 | True
Microsoft | TrojanSpy:Win64/Banker | 1.1.15100.1 | 20180810 | True
Qihoo-360 | Trojan.Generic | 1.0.0.1120 | 20180810 | True
TheHacker | - | 6.8.0.5.3512 | 20180807 | False
ZoneAlarm | Trojan-Banker.Win64.Agent.gy | 1.0 | 20180810 | True
Cybereason | malicious.ae0d37 | 1.2.27 | 20180225 | True
ESET-NOD32 | Win64/Spy.Banker.AH | 17860 | 20180810 | True
TrendMicro | TROJ_GEN.R002C0DBF18 | 10.0.0.1040 | 20180810 | True
BitDefender | Trojan.GenericKD.3529529 | 7.2 | 20180810 | True
CrowdStrike | malicious_confidence_60% (D) | 1.0 | 20180723 | True
K7AntiVirus | Spyware ( 004f60791 ) | 10.57.28035 | 20180810 | True
SentinelOne | - | 1.0.17.227 | 20180701 | False
Avast-Mobile | - | 180809-04 | 20180810 | False
Malwarebytes | - | 2.1.1.1115 | 20180810 | False
TotalDefense | - | 37.1.62.1 | 20180810 | False
CAT-QuickHeal | TrojanSpy.Banker | 14.00 | 20180810 | True
NANO-Antivirus | Trojan.Win64.Banker.ehivwy | 1.0.116.23366 | 20180810 | True
MicroWorld-eScan | Trojan.GenericKD.3529529 | 14.0.297.0 | 20180810 | True
SUPERAntiSpyware | - | 5.6.0.1032 | 20180810 | False
McAfee-GW-Edition | BehavesLike.Win64.Obfuscated.vc | v2017.3010 | 20180810 | True
TrendMicro-HouseCall | TROJ_GEN.R002C0DBF18 | 9.950.0.1006 | 20180810 | True

total: 68
positives: 53
sha256: 0c26f2b0c8ee1445ddae002e74ada465e02dec4fd259fa83b3b16b87a8fb3399
scan_id: 0c26f2b0c8ee1445ddae002e74ada465e02dec4fd259fa83b3b16b87a8fb3399-1533907287
resource: 22f5adeae0d3709a126899c71c8085cd
scan_date: 2018-08-10 13:21:27
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace
All entries are dated 22/2/2020, PID 1480, process C:\malware.exe. Columns: Time | Operation | Path | Name (when recorded)
2:45:43.872 | Open | C:\Windows\System32\shfolder.dll
2:45:44.153 | Open | C:\winspool.drv
2:45:44.153 | Open | C:\Windows\System32\winspool.drv
2:45:44.153 | Open | C:\Windows\System32\winspool.drv
2:45:44.153 | Open | C:\wsock32.dll
2:45:44.153 | Open | C:\Windows\System32\wsock32.dll
2:45:44.153 | Open | C:\Windows\System32\wsock32.dll
2:45:44.153 | Open | C:\winmm.dll
2:45:44.153 | Open | C:\Windows\System32\winmm.dll
2:45:44.153 | Open | C:\Windows\System32\winmm.dll
2:45:44.200 | Open | C:\Monitor\Malware
2:45:44.200 | Unknown | C:\Monitor\Malware
2:45:44.200 | Open | C:\Monitor\Malware
2:45:44.200 | Unknown | C:\Monitor\Malware
2:45:44.200 | Open | C:\Monitor\Malware
2:45:44.200 | Unknown | C:\Monitor\Malware
2:45:44.200 | Open | C:\Monitor\Malware
2:45:44.200 | Unknown | C:\Monitor\Malware
2:45:44.200 | Open | C:\Monitor\Malware
2:45:44.200 | Unknown | C:\Monitor\Malware
2:45:44.200 | Open | C:\Monitor\Malware
2:45:44.200 | Unknown | C:\Monitor\Malware
2:45:44.200 | Open | C:\Windows\System32\tzres.dll
2:45:44.200 | Open | C:\Windows\System32\tzres.dll
2:45:44.200 | Open | C:\Windows\System32\tzres.dll
2:45:44.200 | Open | C:\Windows\System32\tzres.dll
2:45:44.200 | Open | C:\Windows\System32\uxtheme.dll
2:45:44.200 | Open | C:\Windows\System32\uxtheme.dll
2:45:44.247 | Open | C:\Windows\System32\rpcss.dll
2:45:44.247 | Open | C:\Windows\System32\rpcss.dll
2:45:44.247 | Open | C:\Windows\System32\rpcss.dll
2:45:44.247 | Open | C:\Windows\System32\rpcss.dll
2:45:44.247 | Open | C:\CRYPTBASE.dll
2:45:44.247 | Open | C:\Windows\System32\cryptbase.dll
2:45:44.247 | Unknown | C:\Windows\System32\cryptbase.dll | cryptbase.dll
2:45:44.247 | Open | C:\Windows\System32\cryptbase.dll
2:45:44.247 | Unknown | C:\Windows\System32\cryptbase.dll | cryptbase.dll
2:45:44.247 | Open | C:\dwmapi.dll
2:45:44.247 | Open | C:\Windows\System32\dwmapi.dll
2:45:44.247 | Open | C:\Windows\System32\dwmapi.dll
2:45:44.247 | Open | C:\wtsapi32.dll
2:45:44.247 | Open | C:\Windows\System32\wtsapi32.dll
2:45:44.247 | Open | C:\Windows\System32\wtsapi32.dll
2:45:44.247 | Open | C:\WINSTA.dll
2:45:44.247 | Open | C:\Windows\System32\winsta.dll
2:45:44.247 | Open | C:\Windows\System32\winsta.dll
2:45:44.356 | Open | C:\Windows\Fonts\StaticCache.dat
2:45:44.356 | Read | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
2:45:44.356 | Open | C:\Windows\Globalization\Sorting\SortDefault.nls
2:45:44.356 | Unknown | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
2:45:44.356 | Open | C:\kernel.dll
2:45:44.356 | Open | C:\Windows\System32\kernel.dll
2:45:44.356 | Open | C:\Windows\system\kernel.dll
2:45:44.356 | Open | C:\Windows\kernel.dll
2:45:44.356 | Open | C:\Monitor\kernel.dll
2:45:44.356 | Open | C:\Windows\System32\kernel.dll
2:45:44.356 | Open | C:\Windows\kernel.dll
2:45:44.356 | Open | C:\Windows\System32\wbem\kernel.dll
2:45:44.356 | Open | C:\Windows\System32\WindowsPowerShell\v1.0\kernel.dll
2:45:44.356 | Open | C:\security.dll
2:45:44.356 | Open | C:\Windows\System32\security.dll
2:45:44.356 | Open | C:\Windows\System32\security.dll
2:45:44.356 | Open | C:\SECUR32.DLL
2:45:44.356 | Open | C:\Windows\System32\secur32.dll
2:45:44.356 | Open | C:\Windows\System32\secur32.dll
2:45:44.356 | Open | C:\SSPICLI.DLL
2:45:44.356 | Open | C:\Windows\System32\sspicli.dll
2:45:44.356 | Open | C:\Windows\System32\sspicli.dll
2:45:44.356 | Open | C:\Users\Behemot\AppData\Local
2:45:44.356 | Unknown | C:\Users\Behemot\AppData\Local
2:45:44.356 | Open | C:\Users\Behemot\AppData\Local\Aplicativo Itau\itauaplicativo.exe
2:45:44.356 | Open | C:\malware.exe.Local
2:45:44.356 | Open | C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b
2:45:44.356 | Unknown | C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b
2:45:44.356 | Open | C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b
2:45:44.356 | Open | C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b\comctl32.dll.mui
2:45:44.356 | Read | C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_bbf27855f153915b\comctl32.dll.mui | comctl32.dll.mui
2:45:44.356 | Open | C:\Windows\Fonts\sserife.fon
2:45:44.373 | Open | C:\Fwpuclnt.dll
2:45:44.373 | Open | C:\Windows\System32\FWPUCLNT.DLL
2:45:44.373 | Open | C:\Windows\System32\FWPUCLNT.DLL
2:45:44.375 | Open | C:\Windows\System32\uxtheme.dll.Config
2:45:44.375 | Open | C:\Windows\System32\uxtheme.dll
2:45:44.375 | Open | C:\malware.exe.Local
2:45:44.375 | Open | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
2:45:44.375 | Unknown | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
2:45:44.375 | Open | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
2:45:44.375 | Open | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
2:45:44.375 | Unknown | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
2:45:44.375 | Open | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
2:45:44.375 | Unknown | C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
2:45:44.375 | Open | C:\Windows\WindowsShell.Manifest
2:45:44.376 | Unknown | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
2:45:44.379 | Open | C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\Local State
2:45:44.379 | Open | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
2:45:44.379 | Open | C:\Users\Behemot\AppData\Local\Aplicativo Itau\itauaplicativo.exe
2:45:44.379 | Open | C:\Program Files\AppBrad\AplicativoBradesco.exe
2:45:44.380 | Open | C:\Program Files (x86)\AppBrad\AplicativoBradesco.exe
2:45:44.380 | Open | C:\Program Files\Diebold\Warsaw\core.exe
2:45:44.380 | Open | C:\Program Files (x86)\GbPlugin\GbpSv.exe
2:45:44.380 | Open | C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
2:45:44.381 | Open | C:\Windows\System32\wbem\wbemdisp.dll
2:45:44.381 | Open | C:\Windows\System32\wbem\wbemdisp.dll
2:45:44.384 | Open | C:\Windows\System32\wbem\wbemcomn.dll
2:45:44.384 | Open | C:\Windows\System32\wbemcomn.dll
2:45:44.384 | Open | C:\Windows\System32\wbemcomn.dll
2:45:44.385 | Open | C:\Windows\System32\wbem\Logs
2:45:44.385 | Unknown | C:\Windows\System32\wbem\Logs
2:45:44.389 | Open | C:\Windows\System32\wbem\wbemprox.dll
2:45:44.389 | Open | C:\Windows\System32\wbem\wbemprox.dll
2:45:44.390 | Open | C:\SXS.DLL
2:45:44.390 | Open | C:\Windows\System32\sxs.dll
2:45:44.391 | Open | C:\Windows\System32\sxs.dll
2:45:44.391 | Open | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.392 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.392 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.393 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.394 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.394 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.394 | Read | C:\Windows\System32\wbem\wbemdisp.tlb
2:45:44.395 | Open | C:\Windows\System32\wbem\wmiutils.dll
2:45:44.395 | Open | C:\Windows\System32\wbem\wmiutils.dll
2:45:44.460 | Open | C:\Windows\System32\nlaapi.dll
2:45:44.460 | Open | C:\Windows\System32\nlaapi.dll
2:45:44.461 | Open | C:\Windows\System32\NapiNSP.dll
2:45:44.461 | Open | C:\Windows\System32\NapiNSP.dll
2:45:44.462 | Open | C:\Windows\System32\pnrpnsp.dll
2:45:44.462 | Open | C:\Windows\System32\pnrpnsp.dll
2:45:44.462 | Open | C:\Windows\System32\mswsock.dll
2:45:44.462 | Open | C:\Windows\System32\mswsock.dll
2:45:44.463 | Open | C:\DNSAPI.dll
2:45:44.463 | Open | C:\Windows\System32\dnsapi.dll
2:45:44.463 | Open | C:\Windows\System32\dnsapi.dll
2:45:44.464 | Open | C:\Windows\System32\winrnr.dll
2:45:44.464 | Open | C:\Windows\System32\winrnr.dll
2:45:44.464 | Open | C:\IPHLPAPI.DLL
2:45:44.464 | Open | C:\Windows\System32\IPHLPAPI.DLL
2:45:44.465 | Open | C:\Windows\System32\IPHLPAPI.DLL
2:45:44.465 | Open | C:\WINNSI.DLL
2:45:44.465 | Open | C:\Windows\System32\winnsi.dll
2:45:44.465 | Open | C:\Windows\System32\winnsi.dll
2:45:44.570 | Open | C:\rasadhlp.dll
2:45:44.570 | Open | C:\Windows\System32\rasadhlp.dll
2:45:44.572 | Open | C:\Windows\System32\rasadhlp.dll
2:45:44.639 | Open | C:\CRYPTSP.dll
2:45:44.639 | Open | C:\Windows\System32\cryptsp.dll
2:45:44.640 | Open | C:\Windows\System32\cryptsp.dll
2:45:44.640 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.640 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.640 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.641 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.641 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.641 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.641 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.641 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.642 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.642 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.646 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.646 | Open | C:\Windows\System32\rsaenh.dll
2:45:44.646 | Open | C:\RpcRtRemote.dll
2:45:44.647 | Open | C:\Windows\System32\RpcRtRemote.dll
2:45:44.647 | Unknown | C:\Windows\System32\RpcRtRemote.dll | RpcRtRemote.dll
2:45:44.647 | Open | C:\Windows\System32\RpcRtRemote.dll
2:45:44.647 | Unknown | C:\Windows\System32\RpcRtRemote.dll | RpcRtRemote.dll
2:45:44.784 | Open | C:\Windows\System32\wbem\wbemsvc.dll
2:45:44.784 | Open | C:\Windows\System32\wbem\wbemsvc.dll
2:45:45.313 | Open | C:\Windows\System32\wbem\fastprox.dll
2:45:45.313 | Open | C:\Windows\System32\wbem\fastprox.dll
2:45:45.314 | Open | C:\Windows\System32\wbem\NTDSAPI.dll
2:45:45.314 | Open | C:\Windows\System32\ntdsapi.dll
2:45:45.314 | Open | C:\Windows\System32\ntdsapi.dll
2:45:46.72 | Open | C:\Windows\System32\WSHTCPIP.DLL
2:45:46.72 | Open | C:\Windows\System32\WSHTCPIP.DLL
2:45:47.918 | Open | C:\Windows\System32\wship6.dll
2:45:47.918 | Open | C:\Windows\System32\wship6.dll
2:45:47.928 | Open | C:\Windows\Fonts\tahomabd.ttf
2:45:47.928 | Open | C:\Windows\Fonts\tahomabd.ttf
2:45:47.930 | Read | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
2:45:47.930 | Read | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
2:45:47.940 | Open | C:\Windows\Fonts\wingding.ttf
2:45:47.941 | Open | C:\Windows\Fonts\wingding.ttf
2:45:47.942 | Open | C:\Windows\Fonts\symbol.ttf
2:45:47.942 | Open | C:\Windows\Fonts\symbol.ttf
2:45:47.950 | Open | C:\Windows\Fonts\arialbd.ttf
2:45:47.950 | Open | C:\Windows\Fonts\arialbd.ttf
2:45:47.951 | Read | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
2:45:48.90 | Open | C:\Windows\Fonts\arial.ttf
2:45:48.90 | Open | C:\Windows\Fonts\arial.ttf
2:45:48.91 | Read | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
2:45:48.231 | Open | C:\Windows\Fonts\verdana.ttf
2:45:48.297 | Open | C:\Windows\Fonts\verdana.ttf
2:45:48.331 | Read | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
2:45:48.364 | Read | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
2:45:48.558 | Open | C:\Users\Behemot\AppData\Local\Temp\icone.cur
2:45:48.558 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.559 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.559 | Write | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.559 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.560 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.560 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.561 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.561 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.561 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.561 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.561 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.562 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.563 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.563 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.563 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.563 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.564 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.564 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.564 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.564 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.565 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.566 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.566 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.566 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.566 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.566 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.567 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.567 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.568 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.568 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.568 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.569 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.569 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.569 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.569 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.569 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.605 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.605 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.605 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.606 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.606 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.607 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.607 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.607 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.607 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.607 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.608 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.609 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.609 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.609 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.609 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.610 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.610 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.610 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.610 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.611 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.612 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.612 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.612 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.612 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.612 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.613 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.613 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.614 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.614 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
2:45:48.614 | Open | C:\Users\Behemot\AppData\Local\Temp\logon.exe
2:45:48.615 | Open | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.615 | Unknown | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
2:45:48.615 | Open | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
2:45:48.615 | Open | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.615Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.617Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.617Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.617Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.617Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.617Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.618Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.618Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.618Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.619Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.619Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.620Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.620Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.620Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.620Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.620Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.621Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.623Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.623Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.623Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.623Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.624Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.625Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.625Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.625Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.625Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.625Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.625Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.625Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.626Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.626Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.626Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.627Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.627Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.627Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.627Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.628Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.629Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.629Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.629Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.629Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.629Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.630Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.630Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.630Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.631Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.631Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.632Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.632Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.632Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.632Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.632Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.634Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.634Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.634Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.634Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.634Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.635Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.635Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.635Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.636Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.636Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.638Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.678Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.678Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.678Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.678Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.679Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.679Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.679Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.680Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.680Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.681Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.681Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.681Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.681Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.681Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.682Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.683Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.683Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.683Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.683Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.685Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.686Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.686Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.686Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.686Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.686Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.687Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.688Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.688Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.688Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.688Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.689Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.689Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.689Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.689Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.690Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.691Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.691Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.691Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.691Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.691Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.692Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.693Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.693Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.693Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.693Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.694Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.694Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.694Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.694Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.695Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.696Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.696Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.696Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.696Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.696Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.697Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.698Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.698Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.698Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.698Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 2:45:48.699Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.699Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 2:45:48.699Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 2:45:48.699Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 2:45:48.700Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe

Process Trace

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
Time | Operation | PID | Process | Key | Value name
22/2/2020 - 2:45:44.379 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | malware.exe
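The File and Registry traces share one flattened line layout: timestamp, operation, PID, process path and target are run together with no delimiter. The Python below is an added example, not code from the sandbox that produced this report. It parses the raw trace lines as exported, summarises which files under the user's Temp directory the sample touched (ICONE.CUR, dmw.exe, fixbar.exe, logon.exe), and flags the Write to HKCU\Software\Microsoft\Windows\CurrentVersion\Run as logon persistence. That last point matters because the report's Registry Summary marks AutoRun as not identified even though the trace records exactly that write. The regex, the AUTORUN_KEYS list and all function names are my own; the sample lines are copied from this report.

```python
"""Parse the flattened File/Registry trace lines of this sandbox report.

Added example, not part of the sandbox. The line format (five fields run
together) is inferred from the report itself; everything else here is an
assumption of this example.
"""
import re
from collections import Counter, defaultdict

# One flattened trace line, e.g.
# "22/2/2020 - 2:45:48.567Open1480C:\malware.exeC:\Users\...\Temp\dmw.exe"
# The process path is matched non-greedily up to the first ".exe" so that a
# target that itself ends in ".exe" is not swallowed into the process field.
TRACE_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} - \d{1,2}:\d{2}:\d{2}\.\d{3})"
    r"(?P<op>[A-Z][a-z]+)"
    r"(?P<pid>\d+)"
    r"(?P<proc>[A-Za-z]:\\.*?\.exe)"
    r"(?P<target>.+)$"
)

# Logon-time autorun keys (assumed list). Longest prefixes first so that
# "...\RunOnce" is tried before "...\Run". The trace fuses key and value
# name, so the key is recovered by prefix and the remainder is the value.
AUTORUN_KEYS = sorted([
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
], key=len, reverse=True)

# Sample input copied from this report's File and Registry traces.
SAMPLE_TRACE = [
    r"22/2/2020 - 2:45:44.379Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runmalware.exe",
    r"22/2/2020 - 2:45:48.567Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR",
    r"22/2/2020 - 2:45:48.567Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR",
    r"22/2/2020 - 2:45:48.568Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe",
    r"22/2/2020 - 2:45:48.568Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe",
    r"22/2/2020 - 2:45:48.568Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe",
]


def parse_trace_line(line):
    """Return a dict with time/op/pid/proc/target, or None if the line does not parse."""
    m = TRACE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize_file_trace(lines):
    """Map each target to a Counter of the operations seen on it."""
    ops = defaultdict(Counter)
    for line in lines:
        ev = parse_trace_line(line)
        if ev:
            ops[ev["target"]][ev["op"]] += 1
    return dict(ops)


def temp_artifacts(lines):
    """Sorted list of targets under the user's %TEMP% that the sample touched."""
    return sorted({
        ev["target"] for ev in map(parse_trace_line, lines)
        if ev and "\\AppData\\Local\\Temp\\" in ev["target"]
    })


def split_registry_target(target):
    """Split a fused "<key><value name>" string into (key, value name).

    Returns (target, "") when no known autorun key is a prefix of it.
    """
    for key in AUTORUN_KEYS:
        if target.lower().startswith(key.lower()):
            return key, target[len(key):]
    return target, ""


def autorun_writes(lines):
    """Registry Write events that set a value under a logon autorun key."""
    hits = []
    for line in lines:
        ev = parse_trace_line(line)
        if not ev or ev["op"] != "Write":
            continue
        key, value = split_registry_target(ev["target"])
        if value:
            hits.append({"time": ev["time"], "process": ev["proc"], "key": key, "value": value})
    return hits


if __name__ == "__main__":
    for path, ops in summarize_file_trace(SAMPLE_TRACE).items():
        print(path, dict(ops))
    for hit in autorun_writes(SAMPLE_TRACE):
        print("autorun persistence:", hit["key"], "->", hit["value"], "by", hit["process"])
```

Feed the whole File Trace to summarize_file_trace and the repeated Open/Unknown cycle on the same four Temp paths shows up as large per-path counts, which is a better indicator of a polling loop than reading the rows by eye. The non-greedy process match is the one fragile piece: it assumes the sample's own path ends in .exe, which holds for every row in this report.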

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query
localhost -> gateway:50273 | cy92286.tmweb.ru.
localhost -> gateway:DNS | cy92286.tmweb.ru.

Response

TCP
Info

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS: True
TCP: False
UDP: True
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 100.00%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 67.36%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 68.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 63.40%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 50.92%
suspicious: False
