Report #7481

  • Creation Date: Feb. 21, 2020, 4:32 p.m.
  • Last Update: Feb. 22, 2020, 10:54 a.m.
  • File: adim.exe
  • Results:
Binary
DLL: False
Size: 3.45MB
trid:
  38.4% Win32 Dynamic Link Library
  26.3% Win32 Executable
  11.8% OS/2 Executable
  11.6% Generic Win/DOS Executable
  11.6% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: aa27c5ca1cc4101cd9f4a119fbafc557
sha1: 2fa6d4f3025e8e5772a2a2dd74167ad52cb0337a
crc32: 0x93bb52ff
sha224: 42623273dafe27483cfef01ff5ad4a3d87e4374428974d02c655bf70
sha256: c848406e9474d3f1e403c9109028195cbc0fa8bc64f96abd21d682bbd625313b
sha384: 4e74ca2f4557d38da7effd4b219ad305b3986249a65920a4dc9f06bd0085080a262570204cd904eacf37c2883f44ed77
sha512: bf1056d140071af02b71d42b6a5acc02807437448ff259ee9174bc26ca6008ab869c6dfa6541ef36b1c13acebae39b1d74e453dc16bd532215d1a2505f84d64f
ssdeep: 49152:GenNK0WkAA7fmJaKn2t9vLtfbshMKcjbxaMYJh6CRCGmYdvtma9z5zdOSmUCzeiM:jdzAn2rzgsYMYukCwtFViSRch93m
Community
Google: False
HashLib: False
YARA
Matches: domain, HasDigitalSignature, url, win_token, contentis_base64, yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, IsPacked, HasOverlay, IP, IsPE32, escalate_priv, IsWindowsGUI
Suspicious: True

Strings
List
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
https://d.symcb.com/rpa0
https://d.symcb.com/cps0%
http://s1.symcb.com/pca3-g5.crl0
itau.com.br
www.itau.com.br 0
L.TD
A.mH
U.WTf
t@7.GS
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
.http://crl.thawte.com/ThawteTimestampingCA.crl0
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
http://www.symauth.com/rpa00
http://www.symauth.com/cps0(
#http://logo.verisign.com/vslogo.gif0
c.CD
Y.Mg
u.Bs
R.bs
F.CD
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="*" processorArchitecture="*"/>
B.BB
v.eg
w.fi
http://sv.symcd.com0&
_u.AU
http://s2.symcb.com0
b.JO
z.DE
k.bF
k.jP
J.Pf
8.al
"L.DO
hvr.jo
wsock32.dll
winspool.drv
holeaut32.dll
Y.lov+n
jmsimg32.dll
[&kernel32.dll
_*comctl32.dll
;ntdll.dll
dversion.dll
q<advapi32.dll
winmm.dll
bSHFolder.dll
aplicativo.exe
<assemblyIdentity type="win32" name="servidor.exe" version="3.1.0.0" processorArchitecture="*"/>
1.33.2.26
1.33.2.26
http://ts-ocsp.ws.symantec.com07
^2\1
(@,0
:WI:oY:5
s5[FA
"aI:Y
=<~~
<^\
*.@#
} he
:d,E
.D,E
*&uL=+ He
r<He
tS:w
fd,E
fDt[
*nOH
dIO*
&obIg
<,:%FtE
%ho6$
T_2{%s
%%0tI
W*nR%A*d
%f*]TOS
/a.=%o
\tD%p
%ESM|
y)o%eO
%cDAg<
E)a%d
L%A+kt
%*iW^A
)%A'E
W[T%o
TG%|e
9yRd%fg
o)eSi%G
SY%oo<F
Ew@%guM
lvr%gH8
OKSA
he LU
OIB
RdMl
AfDW

Foremost
Matches: 0.exe, 3 MB
Suspicious: True
Heuristics
IPs
hasIPs: True
Allowed: 1.33.2.26, 1, pl41754.ag1001.nttpc.ne.jp.
Suspicious:
hasAllowed: True
hasSuspicious: False

URLs
hasURLs: True
Allowed:
Suspicious: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(, http://s2.symcb.com0, https://d.symcb.com/cps0%, http://sv.symcb.com/sv.crt0, http://crl.thawte.com/thawtetimestampingca.crl0, http://sv.symcd.com0&, http://www.symauth.com/cps0(, http://ocsp.thawte.com0, http://sv.symcb.com/sv.crl0f, http://logo.verisign.com/vslogo.gif0, http://www.symauth.com/rpa00, http://s1.symcb.com/pca3-g5.crl0, http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<, https://d.symcb.com/rpa0, http://ts-ocsp.ws.symantec.com07
hasAllowed: False
hasSuspicious: True

Files
hasFiles: True
Allowed:
Suspicious:
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 3604992
Suspicious: False
Image
Address: 133300224
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1536
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 6384982
Suspicious: False

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .tls, .rdata, .vmp0, .vmp1, .vmp2, .vmp3, .reloc, .rsrc
Suspicious:
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 6452667
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
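The section list above carries .vmp0 through .vmp3 (the section names VMProtect writes, which is also what the Sophos and Fortinet labels in the VirusTotal results point to), while the Compilation block reports "Packed: False" and the Anomalies entry reports a checksum mismatch. The Python below is an added example, not part of the report's tooling or of the sample: it reads a PE's section names, recomputes the optional-header CheckSum with the algorithm Windows uses, and adds a bound check that needs no recomputation at all. A correct checksum is the file length plus a 16-bit fold, so it must lie in [size, size + 0xFFFF]; the header value reported above, 6384982, is roughly 2.7 MB above a 3.45 MB file and therefore cannot be the checksum of this file whatever its contents. The protector-to-section mapping and the minimal in-memory PE are assumptions made for the example.

```python
import struct

# Section names that common protectors/packers leave behind. This mapping is an
# assumption made for the example; it is not taken from the report's tooling.
PROTECTOR_SECTIONS = {
    ".vmp0": "VMProtect", ".vmp1": "VMProtect", ".vmp2": "VMProtect", ".vmp3": "VMProtect",
    "UPX0": "UPX", "UPX1": "UPX",
    ".themida": "Themida",
    ".aspack": "ASPack",
}


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Checksum as Windows computes it (the algorithm behind imagehlp's
    CheckSumMappedFile): 32-bit sum with end-around carry over the whole file,
    folded to 16 bits, plus the file length. The CheckSum dword itself is skipped."""
    length = len(data)
    buf = data + b"\0" * ((-length) % 4)      # pad to a dword boundary
    skip = checksum_offset // 4
    total = 0
    for i in range(len(buf) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", buf, i * 4)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + length


def checksum_plausible(header_value: int, file_size: int) -> bool:
    """A correct checksum is file_size plus a 16-bit value, so anything outside
    [file_size, file_size + 0xFFFF] cannot be right, whatever the file contains."""
    return file_size <= header_value <= file_size + 0xFFFF


def parse_headers(data: bytes) -> dict:
    """Locate the COFF header, the CheckSum field and the section names."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    checksum_offset = opt + 64            # CheckSum sits at +64 for PE32 and PE32+
    sect = opt + opt_size
    names = [
        data[sect + i * 40: sect + i * 40 + 8].rstrip(b"\0").decode("ascii", "replace")
        for i in range(nsections)
    ]
    return {
        "checksum_offset": checksum_offset,
        "header_checksum": struct.unpack_from("<I", data, checksum_offset)[0],
        "sections": names,
    }


def triage(data: bytes) -> dict:
    """Checksum verification plus a section-name protector check."""
    h = parse_headers(data)
    computed = pe_checksum(data, h["checksum_offset"])
    hv = h["header_checksum"]
    return {
        "header_checksum": hv,
        "computed_checksum": computed,
        "checksum_matches": hv == computed,
        "checksum_plausible_for_size": checksum_plausible(hv, len(data)),
        "sections": h["sections"],
        "protectors": sorted({PROTECTOR_SECTIONS[n] for n in h["sections"] if n in PROTECTOR_SECTIONS}),
    }


def build_sample_pe(section_names, stamp_checksum=True) -> bytes:
    """Constructed, minimal PE32 (DOS stub, headers and a bare section table in a
    1 KiB buffer). It is not loadable; it only exercises the parsers above."""
    buf = bytearray(0x400)
    e_lfanew, opt_size = 0x80, 224
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    # Machine=i386, NumberOfSections, TimeDateStamp, symbol ptr/count, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", buf, coff, 0x14C, len(section_names), 1471898902, 0, 0, opt_size, 0x0102)
    opt = coff + 20
    struct.pack_into("<H", buf, opt, 0x10B)       # PE32 magic
    sect = opt + opt_size
    for i, name in enumerate(section_names):
        buf[sect + i * 40: sect + i * 40 + 8] = name.encode("ascii").ljust(8, b"\0")
    if stamp_checksum:
        struct.pack_into("<I", buf, opt + 64, pe_checksum(bytes(buf), opt + 64))
    return bytes(buf)


if __name__ == "__main__":
    # Section list as reported above; checksum stamped, then one byte patched.
    sample = build_sample_pe([".text", ".itext", ".data", ".bss", ".idata", ".didata", ".tls",
                              ".rdata", ".vmp0", ".vmp1", ".vmp2", ".vmp3", ".reloc", ".rsrc"])
    print(triage(sample))
    patched = bytearray(sample)
    patched[0x3F0] ^= 0x41
    print(triage(bytes(patched)))
    # The header value from this report against a ~3.45 MB file:
    print("report value plausible:", checksum_plausible(6384982, 3617587))
```

Two caveats when reading the result on a real file. A CheckSum of zero is common in user-mode binaries (the linker simply did not set it) and is not evidence of tampering; a non-zero value that does not match means the file changed after the field was written, which protectors, patching and infections all cause. Windows itself only enforces the field for drivers and images loaded by system processes, so a wrong value never stops a user-mode executable from running. The section-name check is a cheap tiebreaker when, as here, the report's own "Packed: False" disagrees with its IsPacked YARA hit.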

Libraries
Allowed: wsock32.dll, user32.dll, gdi32.dll, winmm.dll, ole32.dll
Suspicious:
hasLibs: True
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2016-08-22 20:48:22
Future: False

Compilation
Packed: False
Missing: True
Packers:
Compiled: False
Compilers:

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: False
Tricks:
AVclass
black: 1
VirusTotal
md5: aa27c5ca1cc4101cd9f4a119fbafc557
sha1: 2fa6d4f3025e8e5772a2a2dd74167ad52cb0337a
SCANS (DETECTION RATE = 60.00%)

Engine | Result | Update | Version | Detected
AVG | FileRepMetagen [Malware] | 20190606 | 18.4.3895.0 | True
CMC | - | 20190321 | 1.1.0.977 | False
MAX | malware (ai score=82) | 20190606 | 2018.9.12.1 | True
APEX | - | 20190606 | 5.25 | False
Bkav | HW32.Packed. | 20190606 | 1.3.0.10239 | True
K7GW | Spyware ( 004fa84c1 ) | 20190606 | 11.48.31150 | True
Avast | - | 20190606 | 18.4.3895.0 | False
Avira | TR/Black.Gen2 | 20190606 | 8.3.3.8 | True
Baidu | - | 20190318 | 1.0.0.2 | False
Cyren | - | 20190606 | 6.2.0.1 | False
DrWeb | Trojan.DownLoader22.25369 | 20190606 | 7.0.34.11020 | True
GData | Trojan.GenericKD.3488292 | 20190606 | A:25.22283B:25.15258 | True
Panda | Trj/CI.A | 20190606 | 4.6.4.2 | True
VBA32 | Trojan.Downloader | 20190606 | 4.0.0 | True
Zoner | - | 20190605 | 1.0 | False
ClamAV | - | 20190606 | 0.101.2.0 | False
Comodo | - | 20190606 | 30981 | False
F-Prot | - | 20190606 | 4.7.1.166 | False
McAfee | Artemis!AA27C5CA1CC4 | 20190606 | 6.0.6.653 | True
Rising | Spyware.Banker!8.8D (CLOUD) | 20190606 | 25.0.0.24 | True
Sophos | Mal/VMProtBad-A | 20190606 | 4.98.0 | True
Yandex | Trojan.Agent!mgtbCvSX+58 | 20190606 | 5.5.2.24 | True
Zillya | Trojan.Banker.Win32.101571 | 20190606 | 2.0.0.3827 | True
Acronis | suspicious | 20190605 | 1.0.1.51 | True
Alibaba | - | 20190527 | 0.3.0.5 | False
Arcabit | Trojan.Generic.D353A24 | 20190606 | 1.0.0.846 | True
Babable | - | 20190424 | 9107201 | False
Cylance | Unsafe | 20190606 | 2.3.1.101 | True
Endgame | - | 20190522 | 3.0.12 | False
FireEye | Generic.mg.aa27c5ca1cc4101c | 20190606 | 29.7.0.0 | True
TACHYON | - | 20190606 | 2019-06-06.02 | False
Tencent | - | 20190606 | 1.0.0.1 | False
ViRobot | - | 20190606 | 2014.3.20.0 | False
Webroot | - | 20190606 | 1.0.0.403 | False
eGambit | PE.Heur.InvalidSig | 20190606 | v4.3.6 | True
Ad-Aware | Trojan.GenericKD.3488292 | 20190606 | 3.0.5.370 | True
AegisLab | Trojan.Win32.Generic.4!c | 20190606 | 4.2 | True
Emsisoft | Trojan.GenericKD.3488292 (B) | 20190606 | 2018.4.0.1029 | True
F-Secure | Trojan.TR/Black.Gen2 | 20190606 | 12.0.86.52 | True
Fortinet | W32/VMProtBad.A!tr | 20190606 | 5.4.247.0 | True
Invincea | heuristic | 20190525 | 6.3.6.26157 | True
Jiangmin | Trojan.Generic.aigjy | 20190529 | 16.0.100 | True
Kingsoft | - | 20190606 | 2013.8.14.323 | False
Paloalto | generic.ml | 20190606 | 1.0 | True
Symantec | ML.Attribute.HighConfidence | 20190606 | 1.9.0.0 | True
AhnLab-V3 | - | 20190606 | 3.15.2.24317 | False
Antiy-AVL | Trojan/Win32.AGeneric | 20190606 | 3.0.0.1 | True
Kaspersky | HEUR:Trojan.Win32.Generic | 20190606 | 15.0.1.13 | True
MaxSecure | Trojan.Malware.7164915.susgen | 20190605 | 1.0.0.1 | True
Microsoft | Trojan:Win32/Dynamer!ac | 20190606 | 1.1.16000.6 | True
Qihoo-360 | - | 20190606 | 1.0.0.1120 | False
TheHacker | - | 20190605 | 6.8.0.5.4255 | False
Trustlook | - | 20190606 | 1.0 | False
ZoneAlarm | HEUR:Trojan.Win32.Generic | 20190606 | 1.0 | True
Cybereason | malicious.a1cc41 | 20190417 | 1.2.449 | True
ESET-NOD32 | a variant of Win32/Spy.Banker.ADDN | 20190606 | 19480 | True
TrendMicro | - | 20190606 | 10.0.0.1040 | False
BitDefender | Trojan.GenericKD.3488292 | 20190606 | 7.2 | True
CrowdStrike | win/malicious_confidence_80% (D) | 20190212 | 1.0 | True
K7AntiVirus | Spyware ( 004fa84c1 ) | 20190606 | 11.48.31150 | True
SentinelOne | DFI - Suspicious PE | 20190604 | 1.0.27.333 | True
Avast-Mobile | - | 20190606 | 190606-00 | False
Malwarebytes | - | 20190606 | 2.1.1.1115 | False
TotalDefense | - | 20190606 | 37.1.62.1 | False
CAT-QuickHeal | - | 20190606 | 14.00 | False
NANO-Antivirus | Trojan.Win32.Black.efqvgn | 20190606 | 1.0.134.24826 | True
MicroWorld-eScan | Trojan.GenericKD.3488292 | 20190606 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20190604 | 5.6.0.1032 | False
McAfee-GW-Edition | Artemis!Trojan | 20190606 | v2017.3010 | True
TrendMicro-HouseCall | - | 20190606 | 10.0.0.1040 | False
total: 70
sha256: c848406e9474d3f1e403c9109028195cbc0fa8bc64f96abd21d682bbd625313b
scan_id: c848406e9474d3f1e403c9109028195cbc0fa8bc64f96abd21d682bbd625313b-1559855886
resource: aa27c5ca1cc4101cd9f4a119fbafc557
positives: 42
scan_date: 2019-06-06 21:18:06
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace

Timestamp | Op | PID | Process | Path | Detail
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
22/2/2020 9:45:44.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\dwmapi.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
22/2/2020 9:45:44.762 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
22/2/2020 9:45:44.762 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\system\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Monitor\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\kernel.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\security.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\security.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\security.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\SECUR32.DLL
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
22/2/2020 9:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
22/2/2020 9:45:44.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
22/2/2020 9:45:44.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
22/2/2020 9:45:44.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Aplicativo Itau\itauaplicativo.exe
22/2/2020 9:45:44.779 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
22/2/2020 9:45:44.779 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
22/2/2020 9:45:44.779 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
22/2/2020 9:45:44.779 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
22/2/2020 9:45:44.779 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88\comctl32.dll.mui
22/2/2020 9:45:44.780 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\sserife.fon
22/2/2020 9:45:44.784 | Open | 1480 | C:\malware.exe | C:\Fwpuclnt.dll
22/2/2020 9:45:44.784 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
22/2/2020 9:45:44.784 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
22/2/2020 9:45:44.786 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config
22/2/2020 9:45:44.786 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
22/2/2020 9:45:44.787 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
22/2/2020 9:45:44.787 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/2/2020 9:45:44.787 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/2/2020 9:45:44.787 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/2/2020 9:45:44.787 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/2/2020 9:45:44.791 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\Local State
22/2/2020 9:45:44.791 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
22/2/2020 9:45:44.791 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Aplicativo Itau\itauaplicativo.exe
22/2/2020 9:45:44.791 | Open | 1480 | C:\malware.exe | C:\Program Files\AppBrad\AplicativoBradesco.exe
22/2/2020 9:45:44.791 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\AppBrad\AplicativoBradesco.exe
22/2/2020 9:45:44.791 | Open | 1480 | C:\malware.exe | C:\Program Files\Diebold\Warsaw\core.exe
22/2/2020 9:45:44.791 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\GbPlugin\GbpSv.exe
22/2/2020 9:45:44.791 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
22/2/2020 9:45:44.792 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.dll
22/2/2020 9:45:44.794 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.dll
22/2/2020 9:45:44.798 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemcomn.dll
22/2/2020 9:45:44.798 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbemcomn.dll
22/2/2020 9:45:44.799 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbemcomn.dll
22/2/2020 9:45:45.272 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\Logs
22/2/2020 9:45:45.306 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\Logs
22/2/2020 9:45:45.341 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
22/2/2020 9:45:45.341 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
22/2/2020 9:45:45.342 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll
22/2/2020 9:45:45.342 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemprox.dll
22/2/2020 9:45:45.551 | Open | 1480 | C:\malware.exe | C:\SXS.DLL
22/2/2020 9:45:45.551 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
22/2/2020 9:45:45.552 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
22/2/2020 9:45:45.553 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.588 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.588 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.624 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.625 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.625 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:45.625 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wmiutils.dll
22/2/2020 9:45:45.626 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wmiutils.dll
22/2/2020 9:45:45.631 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
22/2/2020 9:45:45.631 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
22/2/2020 9:45:45.632 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NapiNSP.dll
22/2/2020 9:45:45.632 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\NapiNSP.dll
22/2/2020 9:45:45.677 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pnrpnsp.dll
22/2/2020 9:45:45.677 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pnrpnsp.dll
22/2/2020 9:45:45.681 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
22/2/2020 9:45:45.681 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
22/2/2020 9:45:45.681 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
22/2/2020 9:45:45.682 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
22/2/2020 9:45:45.682 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
22/2/2020 9:45:45.683 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winrnr.dll
22/2/2020 9:45:45.683 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winrnr.dll
22/2/2020 9:45:45.685 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
22/2/2020 9:45:45.686 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
22/2/2020 9:45:45.686 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
22/2/2020 9:45:45.686 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
22/2/2020 9:45:45.686 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
22/2/2020 9:45:45.687 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
22/2/2020 9:45:45.788 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
22/2/2020 9:45:45.788 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
22/2/2020 9:45:45.789 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
22/2/2020 9:45:45.856 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll
22/2/2020 9:45:45.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
22/2/2020 9:45:45.857 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
22/2/2020 9:45:45.857 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.857 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.858 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.858 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.858 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.858 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.859 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.859 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.859 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.860 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.865 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.865 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
22/2/2020 9:45:45.866 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll
22/2/2020 9:45:45.866 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
22/2/2020 9:45:45.866 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
22/2/2020 9:45:45.866 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
22/2/2020 9:45:45.866 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
22/2/2020 9:45:46.6 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll
22/2/2020 9:45:46.7 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemsvc.dll
22/2/2020 9:45:46.381 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\fastprox.dll
22/2/2020 9:45:46.390 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\fastprox.dll
22/2/2020 9:45:46.394 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\NTDSAPI.dll
22/2/2020 9:45:46.394 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntdsapi.dll
22/2/2020 9:45:46.395 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntdsapi.dll
22/2/2020 9:45:46.718 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\wbemdisp.tlb
22/2/2020 9:45:47.507 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
22/2/2020 9:45:47.507 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
22/2/2020 9:45:47.541 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
22/2/2020 9:45:47.542 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
22/2/2020 9:45:48.292 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\tahomabd.ttf
22/2/2020 9:45:48.292 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\tahomabd.ttf
22/2/2020 9:45:48.294 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
22/2/2020 9:45:48.295 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
22/2/2020 9:45:48.304 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arial.ttf
22/2/2020 9:45:48.305 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arial.ttf
22/2/2020 9:45:48.306 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
22/2/2020 9:45:48.315 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arialbd.ttf
22/2/2020 9:45:48.315 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arialbd.ttf
22/2/2020 9:45:48.316 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
22/2/2020 9:45:48.323 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\verdana.ttf
22/2/2020 9:45:48.325 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\verdana.ttf
22/2/2020 9:45:48.325 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
22/2/2020 9:45:48.326 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
22/2/2020 9:45:48.334 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\wingding.ttf
22/2/2020 9:45:48.335 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\wingding.ttf
22/2/2020 9:45:48.335 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\symbol.ttf
22/2/2020 9:45:48.335 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\symbol.ttf
22/2/2020 9:45:48.571 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\icone.cur
22/2/2020 9:45:48.605 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.605 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.605 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.607 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.608 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.608 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.608 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.608 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.609 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.610 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.610 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.610 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.610 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.611 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.612 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.612 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.612 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.612 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.613 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.613 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.614 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.614 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.614 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.615 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.615 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.615 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.616 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.616 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.617 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.617 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.617 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.617 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.618 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.619 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.620 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.620 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.620 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.620 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.624 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.624 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.624 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.624 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.625 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.625 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.625 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.625 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.625 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.626 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.627 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.627 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.627 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.628 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.628 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.629 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.629 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.629 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.630 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.630 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.631 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.631 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.631 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.631 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.632 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.633 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.633 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.633 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.633 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.634 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.635 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.635 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.635 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.635 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.636 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 9:45:48.637 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.637 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 9:45:48.637 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 9:45:48.637 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 9:45:48.638 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.678Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.678Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.678Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.678Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.679Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.680Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.680Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.680Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.680Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.681Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.682Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.682Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.682Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.683Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.683Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.685Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.685Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.686Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.686Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.686Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.687Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.687Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.688Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.688Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.688Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.689Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.689Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.690Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.690Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.690Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.690Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.691Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.692Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.692Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.692Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.692Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.693Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.694Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.694Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.694Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.694Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.695Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.696Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.696Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.696Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.696Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.697Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.698Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.698Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.698Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.698Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.699Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.700Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.700Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.700Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.701Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.702Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.702Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.702Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.702Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.703Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.704Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.704Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.704Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.704Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.705Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.706Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.706Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.706Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.706Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.707Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.708Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.708Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.708Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.708Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.708Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.709Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.709Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.709Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.709Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.710Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.711Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.711Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.711Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.711Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.751Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.752Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.752Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.752Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.753Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.753Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.755Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.755Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.755Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.755Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.755Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.757Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.757Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.757Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.757Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.757Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.759Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.759Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.759Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.759Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.760Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.761Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.761Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.761Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.761Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe
22/2/2020 - 9:45:48.763Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.763Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ICONE.CUR
22/2/2020 - 9:45:48.763Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\dmw.exe
22/2/2020 - 9:45:48.764Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\fixbar.exe
22/2/2020 - 9:45:48.764Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\logon.exe

Process Trace

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
Time | Action | PID | Process | Key | Value
22/2/2020 - 9:45:44.791 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | malware.exe

File Summary
Created - Identified: True
Deleted - Identified: False

Process Summary
Created - Identified: False
Deleted - Identified: False

Registry Summary
Proxy - Identified: False
AutoRun - Identified: False
Created - Identified: True
Deleted - Identified: False

Browsers - Identified: False

Internet - Identified: False


DNS
Query
localhost -> gateway:DNS | name: alexander-hardung.de.
localhost -> gateway:50273 | name: alexander-hardung.de.

Response
gateway:DNS -> localhost | name: alexander-hardung.de. | reply: 80.237.133.231

TCP
Info
localhost:65191 -> 80.237.133.231:80
80.237.133.231:80 -> localhost:65191

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info
localhost | POST alexander-hardung.de | path: /500/index/contador/point.php

Summary
DNS: True
TCP: True
UDP: True
HTTP: True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 97.01%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 91.65%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 73.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 52.71%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 53.24%
suspicious: False
