Report #9187

  • Creation Date: March 10, 2020, 4:35 p.m.
  • Last Update: March 11, 2020, 1:17 a.m.
  • File: adminplug.exe
  • Results:
Binary
DLL: False
Size: 5.59MB
trid:
35.7% Win32 Executable
16.4% Win16/32 Executable Delphi generic
16.0% OS/2 Executable
15.8% Generic Win/DOS Executable
15.8% DOS Executable Generic
type: PE
wordsize: 0
Subsystem: unknown
Hashes
md5
2df30b8ab001d8732c5c8f057875d8e2
sha1
0af13fab726c04e5b4ca61edb3912188738e5648
crc32
0x7076298b
sha224
ba36c8e76a77acbf48592bbd545812161fc1de5a04274f3856e2520e
sha256
e27e725a76d3354d1eec641869a7338e3ca5a797c51906b04a6fbfbf8b617c0c
sha384
676f25ca9bc80cf9d184420e58270cff2e93be6d6317f4d83f51c983b5e5bf8ecf9277a3616266bb9e92c90db38e5cc4
sha512
73a14dd0156a1c458ae85fd8ff39b14959c3bf469ba5d078302969f0ddb610ff3abee4f01beed1319b3a0847ae522dcfd5b7b000f26c8049cd029a97ecc16087
ssdeep
98304:5tQ+FvAY/a92lsZH7WOotf2RaSGYMA3LAMtORoBMboEL5WcCQ3yfpz7gQeqofj1F:5W+FYZ2lGH7WOuf2RpGgHtTaEEbhQzMX
Community
Google: False
HashLib: False
YARA
Matches: IsPE32, IsPacked, contentis_base64, IsWindowsGUI, IP

Suspicious: True

Strings
List

Foremost
Matches: None
Suspicious: False
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: kernel32.dll, comctl32.dll
hasFiles: True
Suspicious: I].Db
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2816512
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 5922455
Suspicious: False

Sections
Allowed: , .rsrc, .idata , , fornidm, fymyzvn
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 11313152
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: kernel32.dll, comctl32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2014-05-24 22:58:57
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
none: 1086
.rsrc: 1816

pushpopmath
none: 470
.rsrc: 1141

ss register
none: 16
.rsrc: 24

garbagebytes
none: 429
.rsrc: 673

hookdetection
none: 44
.rsrc: 67

software breakpoint
none: 43
.rsrc: 40

fakeconditionaljumps
none: 36
.rsrc: 48

programcontrolflowchange
none: 395
.rsrc: 627

cpuinstructionsresultscomparison
none: 1
.rsrc: 62

AVclass
None
1
VirusTotal
md5
2df30b8ab001d8732c5c8f057875d8e2
sha1
0af13fab726c04e5b4ca61edb3912188738e5648
SCANS (DETECTION RATE = 67.16%)
AVG
result: Win32:Banker-KWP [Trj]
update: 20180323
version: 18.2.3827.0
detected: True

CMC
update: 20180323
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=81)
update: 20180323
version: 2017.11.15.1
detected: True

Bkav
result: W32.HfsAutoB.5145
update: 20180322
version: 1.3.0.9466
detected: True

K7GW
result: Spyware ( 0049b33b1 )
update: 20180323
version: 10.42.26597
detected: True

ALYac
result: Trojan.GenericKD.1705640
update: 20180323
version: 1.1.1.5
detected: True

Avast
result: Win32:Banker-KWP [Trj]
update: 20180323
version: 18.2.3827.0
detected: True

Avira
result: TR/Crypt.TPM.Gen
update: 20180323
version: 8.3.3.6
detected: True

Baidu
update: 20180323
version: 1.0.0.2
detected: False

Cyren
result: W32/Trojan.XEWJ-0505
update: 20180323
version: 5.4.30.7
detected: True

DrWeb
update: 20180323
version: 7.0.28.2020
detected: False

GData
result: Trojan.GenericKD.1705640
update: 20180323
version: A:25.16478B:25.11859
detected: True

Panda
result: Trj/Chgt.A
update: 20180323
version: 4.6.4.2
detected: True

VBA32
update: 20180323
version: 3.12.28.0
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180323
version: 65472
detected: True

Zoner
update: 20180323
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180323
version: 1.5.0.42
detected: True

ClamAV
update: 20180323
version: 0.99.2.0
detected: False

Comodo
result: TrojWare.Win32.Agent.COC
update: 20180323
version: 28732
detected: True

F-Prot
result: W32/Trojan4.AFXX
update: 20180323
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.Crypt
update: 20180323
version: 0.1.5.2
detected: True

McAfee
result: Artemis!2DF30B8AB001
update: 20180323
version: 6.0.6.653
detected: True

Rising
update: 20180323
version: 25.0.0.1
detected: False

Sophos
result: Mal/Generic-S
update: 20180323
version: 4.98.0
detected: True

Yandex
result: TrojanSpy.Banker!Zswy26OHIus
update: 20180323
version: 5.5.1.3
detected: True

Zillya
result: Trojan.Banker.Win32.96108
update: 20180323
version: 2.0.0.3519
detected: True

Arcabit
result: Trojan.Generic.D1A06A8
update: 20180323
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180323
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True

Tencent
update: 20180323
version: 1.0.0.1
detected: False

ViRobot
update: 20180323
version: 2014.3.20.0
detected: False

eGambit
update: 20180323
version: v4.3.5
detected: False

Ad-Aware
result: Trojan.GenericKD.1705640
update: 20180323
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.Generickd!c
update: 20180323
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.1705640 (B)
update: 20180323
version: 4.0.2.899
detected: True

F-Secure
update: 20180323
version: 11.0.19100.45
detected: False

Fortinet
result: W32/Banker.AAWP!tr.spy
update: 20180323
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
update: 20180323
version: 16.0.100
detected: False

Kingsoft
update: 20180323
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180323
version: 1.0
detected: True

Symantec
result: Trojan.Gen
update: 20180323
version: 1.5.0.0
detected: True

nProtect
update: 20180323
version: 2018-03-23.02
detected: False

AhnLab-V3
result: Trojan/Win32.Agent.C430434
update: 20180323
version: 3.12.0.20130
detected: True

Antiy-AVL
result: Trojan/Win32.SGeneric
update: 20180323
version: 3.0.0.1
detected: True

Kaspersky
result: UDS:DangerousObject.Multi.Generic
update: 20180323
version: 15.0.1.13
detected: True

Microsoft
update: 20180323
version: 1.1.14600.4
detected: False

Qihoo-360
result: Win32/Trojan.Multi.daf
update: 20180323
version: 1.0.0.1120
detected: True

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False

ZoneAlarm
update: 20180323
version: 1.0
detected: False

Cybereason
result: malicious.ab001d
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
result: Win32/Spy.Banker.AAWP
update: 20180323
version: 17106
detected: True

TrendMicro
result: TROJ_AGENT.TYUBC
update: 20180323
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180223
detected: False

BitDefender
result: Trojan.GenericKD.1705640
update: 20180323
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_80% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Spyware ( 0049b33b1 )
update: 20180323
version: 10.42.26592
detected: True

SentinelOne
result: static engine - malicious
update: 20180225
version: 1.0.15.206
detected: True

Avast-Mobile
update: 20180323
version: 180323-02
detected: False

Malwarebytes
update: 20180323
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180323
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.IGENERIC
update: 20180322
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.TPM.darjgg
update: 20180323
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.1705640
update: 20180323
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180323
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Trojan.tc
update: 20180323
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_AGENT.TYUBC
update: 20180323
version: 9.950.0.1006
detected: True

total: 67
sha256
e27e725a76d3354d1eec641869a7338e3ca5a797c51906b04a6fbfbf8b617c0c
scan_id
e27e725a76d3354d1eec641869a7338e3ca5a797c51906b04a6fbfbf8b617c0c-1521826903
resource
2df30b8ab001d8732c5c8f057875d8e2
positives: 45
scan_date: 2018-03-23 17:41:43
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Time | Operation | PID | Process | Path
11/3/2020 - 0:47:44.481 | Open | 652 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 0:47:44.481 | Unknown | 652 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
11/3/2020 - 0:47:45.450 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 0:47:45.450 | Read | 652 | C:\malware.exe | C:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 0:47:46.543 | Open | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:46.543 | Unknown | 652 | C:\malware.exe | C:\Monitor
11/3/2020 - 0:47:46.622 | Open | 652 | C:\malware.exe | C:\version.dll
11/3/2020 - 0:47:46.622 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
11/3/2020 - 0:47:46.622 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
11/3/2020 - 0:47:46.637 | Open | 652 | C:\malware.exe | C:\SHFolder.dll
11/3/2020 - 0:47:46.637 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\shfolder.dll
11/3/2020 - 0:47:46.637 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\shfolder.dll
11/3/2020 - 0:47:46.997 | Open | 652 | C:\malware.exe | C:\winspool.drv
11/3/2020 - 0:47:46.997 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\winspool.drv
11/3/2020 - 0:47:46.997 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\winspool.drv
11/3/2020 - 0:47:47.481 | Open | 652 | C:\malware.exe | C:\wsock32.dll
11/3/2020 - 0:47:47.481 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wsock32.dll
11/3/2020 - 0:47:47.481 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wsock32.dll
11/3/2020 - 0:47:47.793 | Open | 652 | C:\malware.exe | C:\Monitor
11/3/2020 - 0:47:47.793 | Unknown | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Unknown | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Unknown | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Unknown | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Unknown | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Unknown | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Unknown | 652 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 0:47:50.622 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\dwmapi.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\wtsapi32.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wtsapi32.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wtsapi32.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\WINSTA.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll
11/3/2020 - 0:47:50.684 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll
11/3/2020 - 0:47:50.778 | Open | 652 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
11/3/2020 - 0:47:50.778 | Read | 652 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
11/3/2020 - 0:47:50.793 | Open | 652 | C:\malware.exe | C:\security.dll
11/3/2020 - 0:47:50.809 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\security.dll
11/3/2020 - 0:47:50.809 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\security.dll
11/3/2020 - 0:47:50.809 | Open | 652 | C:\malware.exe | C:\SECUR32.DLL
11/3/2020 - 0:47:50.809 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
11/3/2020 - 0:47:50.809 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
11/3/2020 - 0:47:50.809 | Open | 652 | C:\malware.exe | C:\olepro32.dll
11/3/2020 - 0:47:50.809 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\olepro32.dll
11/3/2020 - 0:47:50.809 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\olepro32.dll
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\malware.exe.Local
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
11/3/2020 - 0:47:50.825 | Unknown | 652 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88\comctl32.dll.mui
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Windows\Fonts\sserife.fon
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Fwpuclnt.dll
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\IdnDL.dll
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\idndl.dll
11/3/2020 - 0:47:50.825 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\idndl.dll
11/3/2020 - 0:47:50.840 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\msxml6.dll
11/3/2020 - 0:47:50.840 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\msxml6.dll
11/3/2020 - 0:47:50.840 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
11/3/2020 - 0:47:50.840 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
11/3/2020 - 0:47:50.840 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
11/3/2020 - 0:47:50.840 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\msxml6r.dll
11/3/2020 - 0:47:50.840 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\msxml6r.dll
11/3/2020 - 0:47:50.856 | Open | 652 | C:\malware.exe | C:\Program Files (x86)\Common Files\System\ado\msado15.dll
11/3/2020 - 0:47:50.856 | Open | 652 | C:\malware.exe | C:\Program Files (x86)\Common Files\System\ado\msado15.dll
11/3/2020 - 0:47:50.872 | Open | 652 | C:\malware.exe | C:\Program Files (x86)\Common Files\System\ado\MSDART.DLL
11/3/2020 - 0:47:50.872 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\msdart.dll
11/3/2020 - 0:47:50.872 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\msdart.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\CRYPTSP.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.981 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.997 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.997 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.997 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.997 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/3/2020 - 0:47:50.997 | Open | 652 | C:\malware.exe | C:\RpcRtRemote.dll
11/3/2020 - 0:47:50.997 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
11/3/2020 - 0:47:50.997 | Unknown | 652 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
11/3/2020 - 0:47:50.997 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
11/3/2020 - 0:47:50.997 | Unknown | 652 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
11/3/2020 - 0:47:51.59 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config
11/3/2020 - 0:47:51.59 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 0:47:51.59 | Open | 652 | C:\malware.exe | C:\malware.exe.Local
11/3/2020 - 0:47:51.59 | Open | 652 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 0:47:51.59 | Unknown | 652 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 0:47:51.59 | Open | 652 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 0:47:51.59 | Unknown | 652 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 0:47:51.59 | Open | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.59 | Open | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.59 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.59 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 0:47:51.75 | Unknown | 652 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 0:47:51.75 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 0:47:51.90 | Unknown | 652 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 0:47:51.90 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
11/3/2020 - 0:47:56.903 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
11/3/2020 - 0:47:56.903 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
11/3/2020 - 0:47:56.903 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
11/3/2020 - 0:47:56.903 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\IPHLPAPI.DLL
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\WINNSI.DLL
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
11/3/2020 - 0:47:56.950 | Unknown | 652 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
11/3/2020 - 0:47:56.950 | Unknown | 652 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
11/3/2020 - 0:47:56.950 | Open | 652 | C:\malware.exe | C:\DNSAPI.dll
11/3/2020 - 0:47:56.965 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
11/3/2020 - 0:47:56.965 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
11/3/2020 - 0:47:57.12 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
11/3/2020 - 0:47:57.12 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
11/3/2020 - 0:47:57.12 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
11/3/2020 - 0:47:57.12 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
11/3/2020 - 0:47:57.59 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
11/3/2020 - 0:47:57.59 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
11/3/2020 - 0:47:57.59 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
11/3/2020 - 0:47:57.59 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
11/3/2020 - 0:47:57.106 | Open | 652 | C:\malware.exe | C:\dhcpcsvc6.DLL
11/3/2020 - 0:47:57.106 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
11/3/2020 - 0:47:57.106 | Unknown | 652 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
11/3/2020 - 0:47:57.106 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
11/3/2020 - 0:47:57.106 | Unknown | 652 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
11/3/2020 - 0:47:57.153 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
11/3/2020 - 0:47:57.153 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
11/3/2020 - 0:47:57.153 | Open | 652 | C:\malware.exe | C:\dhcpcsvc.DLL
11/3/2020 - 0:47:57.153 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
11/3/2020 - 0:47:57.153 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
11/3/2020 - 0:47:57.153 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
11/3/2020 - 0:47:57.153 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
11/3/2020 - 0:47:57.215 | Open | 652 | C:\malware.exe | C:\rasadhlp.dll
11/3/2020 - 0:47:57.215 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
11/3/2020 - 0:47:57.215 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
11/3/2020 - 0:47:59.340 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\tskmsgr.exe
11/3/2020 - 0:47:59.340 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\tskmsgr.exe
11/3/2020 - 0:47:59.340 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\tskhost.exe
11/3/2020 - 0:47:59.340 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\tskhost.exe
11/3/2020 - 0:47:59.340 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\systemn.exe
11/3/2020 - 0:47:59.340 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\systemn.exe
11/3/2020 - 0:47:59.340 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\tskhost.exe
11/3/2020 - 0:47:59.340 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\tskhost.exe
11/3/2020 - 0:47:59.528 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
11/3/2020 - 0:47:59.528 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
11/3/2020 - 0:48:1.372 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\robocop2.txt
11/3/2020 - 0:48:1.372 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\robocop2.txt
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\Users\Behemot\AppData\Local\robocop1.txt
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\libmysql55.dll
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmysql55.dll
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\Windows\system\libmysql55.dll
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\Windows\libmysql55.dll
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\Monitor\libmysql55.dll
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmysql55.dll
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\Windows\libmysql55.dll
11/3/2020 - 0:48:2.372 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wbem\libmysql55.dll
11/3/2020 - 0:48:2.418 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\libmysql55.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\system\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Monitor\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wbem\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\libmysql51.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\system\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Monitor\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wbem\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\libmysql50.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\system\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Monitor\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wbem\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\libmariadb.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\libmysql.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmysql.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\system\libmysql.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\libmysql.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Monitor\libmysql.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\libmysql.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\libmysql.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\wbem\libmysql.dll
11/3/2020 - 0:48:2.465 | Open | 652 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\libmysql.dll

Process
Trace

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry Trace
Time (11/3/2020) | Op     | PID | Process        | Key                                                                                    | Value
0:47:51.59       | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content     | CachePrefix
0:47:51.75       | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies     | CachePrefix
0:47:51.75       | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History     | CachePrefix
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings                       | ProxyEnable
0:47:56.950      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings                       | ProxyServer
0:47:56.950      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings                       | ProxyOverride
0:47:56.950      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings                       | AutoConfigURL
0:47:56.950      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings                       | AutoDetect
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections           | SavedLegacySettings
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap               | ProxyBypass
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap               | IntranetName
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap               | UNCAsIntranet
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap               | AutoDetect
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap               | ProxyBypass
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap               | IntranetName
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap               | UNCAsIntranet
0:47:56.950      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap               | AutoDetect
0:47:57.168      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
0:47:57.168      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
0:47:57.168      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
0:47:57.168      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
0:47:57.356      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
0:47:57.356      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
0:47:57.356      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
0:47:57.356      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
0:47:59.747      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
0:47:59.747      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
0:47:59.747      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
0:47:59.747      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
0:47:59.747      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
0:47:59.747      | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
0:47:59.747      | Delete | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
0:48:1.372       | Write  | 652 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run                                     | audiosytem

File Summary
Created: Identified: False
Deleted: Identified: False

Process Summary
Created: Identified: False
Deleted: Identified: False

Registry Summary
Proxy: Identified: False
AutoRun: Identified: False
Created: Identified: True
Deleted: Identified: True
Browsers: Identified: False
Internet: Identified: True


DNS
Query
localhost -> gateway:DNS    www.prosperoano2014.net.br.
localhost -> gateway:50273  www.prosperoano2014.net.br.
localhost -> gateway:DNS    www.prosperatecno.net.br.

Response

TCP
Info

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:68    -> 255.255.255.255:67 (unresolved host)
localhost:53    -> localhost:55394
localhost:67    -> localhost:68
localhost:53    -> localhost:50273

HTTP
Info

Summary
DNS: True
TCP: False
UDP: True
HTTP: False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 64.84%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 82.35%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 69.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 67.10%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 89.20%
suspicious: True
