Report #7763

  • Creation Date: Feb. 28, 2020, 2:12 p.m.
  • Last Update: Feb. 28, 2020, 3:23 p.m.
  • File: 3263252a4d.exe
  • Results:
Binary
DLL
False cancel
Size
32.00KB
trid
68.2% Win32 Executable Microsoft Visual Basic 6
22.9% Win64 Executable
3.7% Win32 Executable
1.6% OS/2 Executable
1.6% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
Microsoft_Visual_Basic_v50_additional, domain, HasRichSignature, contentis_base64, ProtectSharewareV11eCompservCMS, IsPE32, Microsoft_Visual_Basic_v50, Microsoft_Visual_Basic_v50_v60, Microsoft_Visual_Basic_v50v60_additional, Microsoft_Visual_Basic_v50v60, SEH__vba, IsWindowsGUI

Suspicious
True check_circle

Strings
List
@*\AE:\2014-2015\_News Loads Installs e Manipulator\Process\_novos\Manipulator\Manipulation.vbp
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
sh.exe
commandLine
ExecQuery

Foremost
Matches
0.exe, 32 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: VBA6.DLL, MSVBVM60.DLL
hasFiles: True check_circle
Suspicious: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 8192
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 4096
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 98144
Suspicious: False cancel

Sections
Allowed: .text, .data, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: 4
Suspicious: False cancel
Linker
Version: 6.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 5108
Suspicious: False cancel

Anomalies
Anomalies
hasAnomalies: False cancel

Libraries
Allowed: msvbvm60.dll
hasLibs: True check_circle
Suspicious: vba6.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2015-03-23 00:53:42
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual Basic v5.0, Microsoft Visual Basic v5.0 - v6.0

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
nopsequence
.text: 10

cpuinstructionsresultscomparison
.rsrc: 2
.text: 1

AVclass
banload
1
VirusTotal
md5
74c2d7b3f9c4bdda52a466e578c689d9
sha1
2cf3ae13f648b200745a34f4da04777611531f6a
SCANS (DETECTION RATE = 66.67%)
AVG
result: FileRepMetagen [Malware]
update: 20180323
version: 18.2.3827.0
detected: True check_circle

CMC
update: 20180323
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=84)
update: 20180323
version: 2017.11.15.1
detected: True check_circle

Bkav
update: 20180322
version: 1.3.0.9466
detected: False cancel

K7GW
result: Trojan-Downloader ( 004b75761 )
update: 20180323
version: 10.42.26597
detected: True check_circle

ALYac
update: 20180323
version: 1.1.1.5
detected: False cancel

Avast
result: FileRepMetagen [Malware]
update: 20180323
version: 18.2.3827.0
detected: True check_circle

Avira
result: TR/Dldr.Agent.32768.240
update: 20180323
version: 8.3.3.6
detected: True check_circle

Baidu
update: 20180323
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Trojan.NREB-5077
update: 20180323
version: 5.4.30.7
detected: True check_circle

DrWeb
update: 20180323
version: 7.0.28.2020
detected: False cancel

GData
result: Gen:Trojan.Heur.VB.cm0@ca6Hxrli
update: 20180323
version: A:25.16478B:25.11859
detected: True check_circle

Panda
result: Trj/CI.A
update: 20180323
version: 4.6.4.2
detected: True check_circle

VBA32
result: TrojanBanker.VB
update: 20180323
version: 3.12.28.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65472
detected: True check_circle

Zoner
update: 20180323
version: 1.0
detected: False cancel

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True check_circle

ClamAV
result: Win.Trojan.Banload-2115
update: 20180323
version: 0.99.2.0
detected: True check_circle

Comodo
update: 20180323
version: 28731
detected: False cancel

F-Prot
update: 20180323
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan-Downloader.Win32.Banload
update: 20180323
version: 0.1.5.2
detected: True check_circle

McAfee
result: Artemis!74C2D7B3F9C4
update: 20180323
version: 6.0.6.653
detected: True check_circle

Rising
result: Malware.Undefined!8.C (TFE:5:kjJXPRnyk9O)
update: 20180323
version: 25.0.0.1
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20180323
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.PWS.VB!b30jhuHZVT4
update: 20180323
version: 5.5.1.3
detected: True check_circle

Zillya
update: 20180323
version: 2.0.0.3519
detected: False cancel

Arcabit
result: Trojan.Heur.VB.E78AD9
update: 20180323
version: 1.0.0.831
detected: True check_circle

Cylance
result: Unsafe
update: 20180323
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True check_circle

Tencent
result: Win32.Trojan-banker.Vb.Airy
update: 20180323
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False cancel

eGambit
update: 20180323
version: v4.3.5
detected: False cancel

Ad-Aware
result: Gen:Trojan.Heur.VB.cm0@ca6Hxrli
update: 20180323
version: 3.0.3.1010
detected: True check_circle

AegisLab
result: Troj.Banker.W32.VB.ajz!c
update: 20180323
version: 4.2
detected: True check_circle

Emsisoft
result: Gen:Trojan.Heur.VB.cm0@ca6Hxrli (B)
update: 20180323
version: 4.0.2.899
detected: True check_circle

F-Secure
update: 20180323
version: 11.0.19100.45
detected: False cancel

Fortinet
result: W32/Banload.VGH!tr
update: 20180323
version: 5.4.247.0
detected: True check_circle

Invincea
update: 20180121
version: 6.3.4.26036
detected: False cancel

Jiangmin
update: 20180323
version: 16.0.100
detected: False cancel

Kingsoft
update: 20180323
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20180323
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen.2
update: 20180323
version: 1.5.0.0
detected: True check_circle

nProtect
update: 20180323
version: 2018-03-23.02
detected: False cancel

AhnLab-V3
result: Trojan/Win32.Gen.C807702
update: 20180323
version: 3.12.0.20130
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.SGeneric
update: 20180323
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: Trojan-Banker.Win32.VB.ajz
update: 20180323
version: 15.0.1.13
detected: True check_circle

Microsoft
result: TrojanDownloader:Win32/Banload
update: 20180323
version: 1.1.14600.4
detected: True check_circle

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20180323
version: 1.0.0.1120
detected: True check_circle

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False cancel

ZoneAlarm
result: Trojan-Banker.Win32.VB.ajz
update: 20180323
version: 1.0
detected: True check_circle

Cybereason
result: malicious.3f9c4b
update: 20180225
version: 1.2.27
detected: True check_circle

ESET-NOD32
result: a variant of Win32/TrojanDownloader.Banload.VGH
update: 20180323
version: 17105
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0DBF18
update: 20180323
version: 9.862.0.1074
detected: True check_circle

WhiteArmor
update: 20180223
detected: False cancel

BitDefender
result: Gen:Trojan.Heur.VB.cm0@ca6Hxrli
update: 20180323
version: 7.2
detected: True check_circle

CrowdStrike
update: 20170201
version: 1.0
detected: False cancel

K7AntiVirus
result: Trojan-Downloader ( 004b75761 )
update: 20180323
version: 10.42.26592
detected: True check_circle

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False cancel

Avast-Mobile
update: 20180323
version: 180323-02
detected: False cancel

TotalDefense
update: 20180323
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: TrojanDownloader.Banload
update: 20180322
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Banload.dpolmr
update: 20180323
version: 1.0.100.22043
detected: True check_circle

MicroWorld-eScan
result: Gen:Trojan.Heur.VB.cm0@ca6Hxrli
update: 20180323
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
result: Trojan.Agent/Gen-VB
update: 20180323
version: 5.6.0.1032
detected: True check_circle

McAfee-GW-Edition
result: BehavesLike.Win32.Trojan.nz
update: 20180323
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DBF18
update: 20180323
version: 9.950.0.1006
detected: True check_circle

total
66
sha256
ec2d892626e230edc25ba57050e4eaa7263c1ddb7acf59bdea95c8da3a63c5ef
scan_id
ec2d892626e230edc25ba57050e4eaa7263c1ddb7acf59bdea95c8da3a63c5ef-1521824239
resource
74c2d7b3f9c4bdda52a466e578c689d9
positives
44
scan_date
2018-03-23 16:57:19
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
28/2/2020 - 14:46:41.715Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 14:46:41.715Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 14:46:41.715Open1480C:\malware.exeC:\RpcRtRemote.dll
28/2/2020 - 14:46:41.715Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
28/2/2020 - 14:46:41.715Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
28/2/2020 - 14:46:41.715Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
28/2/2020 - 14:46:41.715Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
28/2/2020 - 14:46:41.903Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
28/2/2020 - 14:46:41.903Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
28/2/2020 - 14:46:42.325Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
28/2/2020 - 14:46:42.325Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
28/2/2020 - 14:46:42.325Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
28/2/2020 - 14:46:42.325Open1480C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
28/2/2020 - 14:46:42.325Open1480C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
28/2/2020 - 14:46:42.762Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:42.762Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:46:55.28Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:6.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:17.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:28.903Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:40.200Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:47:51.528Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.231Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
28/2/2020 - 14:48:2.231Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
28/2/2020 - 14:48:2.231Open1480C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
28/2/2020 - 14:48:2.231Open1480C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
28/2/2020 - 14:48:2.825Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:2.825Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:14.325Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:25.606Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:37.497Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:48:49.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:1.309Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:12.590Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:24.122Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
28/2/2020 - 14:49:35.418Read1480C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb

Process Trace

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS: False
TCP: False
UDP: False
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 83.57%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.24%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 78.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 39.79%
suspicious: True

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.74%
suspicious: False
