Report #9296

  • Creation Date: March 11, 2020, 2:40 p.m.
  • Last Update: March 11, 2020, 3:28 p.m.
  • File: Atualizaseguranca.exe
  • Results:
Binary
DLL: False
Size: 1.02MB
trid:
  91.4% WinRAR Self Extracting archive
  3.4% Win32 Executable MS Visual C++
  3.0% Win64 Executable
  0.7% Win32 Dynamic Link Library
  0.5% Win32 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 5d0db4b6b53663cb283253f0b2685c44
sha1: dd7afee54db6caf2516e40cee4259e511a648b84
crc32: 0x7e63bce0
sha224: cac1f5226d3a76738c8cd222f2b5baf7e8a1690ace61457ddada0181
sha256: ce7ea0afb49dd15b1975f1e44d879c8abc3b8dc430209ac18512a7f55b957174
sha384: 5c81daae8b6194d6c02ab20f1609b551c2cecfffe4a5d3fbc36a62a76b5b9c41f7262c95c57b273ae817aa12c5fcc3f1
sha512: ce5a2e54ae9da8e11b5a606142cede4ee0c3bcc6dd25ae0db8632d167890560ebd2207de32ce577f2350065368b4a04cceb76f9745a300049a76a730d4b8e200
ssdeep: 24576:iq5+3boDuMj2dltL4jLdrC+Dr6Soads3n5ES:X5Abgu8J5DGSNds35ES
Community
Google: False
HashLib: False
YARA
Matches
VC8_Microsoft_Corporation, domain, anti_dbg, screenshot, HasDebugData, url, HasRichSignature, contentis_base64, Microsoft_Visual_Cpp_8, win_registry, IsPacked, HasOverlay, CRC32_poly_Constant, win_files_operation, IsPE32, IsWindowsGUI, IP

Suspicious: True

Strings
List
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb
E.ma
Setup=C:\Windows\addins\nota.cpl
%s.%d.tmp
G.Am
AMp.pW
Crypt32.dll
39.fr
Delete=C:\Windows\addins\nota.cpl
m.Pk
>!E.BH
;\o.Ch
Mn C.RS
COMCTL32.dll
nota.cpl
nota.cpl
riched32.dll
riched20.dll
Extracting %s
Unknown encryption method in %s$The specified password is incorrect.
,N~$L'fo
,NGA
Cannot create folder %sHChecksum error in the encrypted file %s. Corrupt file or wrong password.
1aOf
D?sQbafl
name="Microsoft.Windows.Common-Controls"
&%9FNt-
g5SD%e+
^o%AY4
with this one?
%i"[O
T>Y%iD
%peioX3
__tmp_rar_sfx_access_check_%u
eLFh
Delete
IPsC
GE%co
-el -s2 "-d%s" "-p%s" "-sp%s"
Software\Microsoft\Windows\CurrentVersion
Wrong password for %s5Write error in the file %s. Probably the disk is full
Next volume is required
Extracting from %s
o em %s"
Et "%n
o nos dados comprimidos em %s"
Please download a fresh copy and retry the installation All files
lico %s"
2The archive is either in unknown format or damaged
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
vel copiar %s para %s."
Skipping %s
todo desconhecido em %s"
AYou may need to run this self-extracting archive as administrator
vel criar a pasta %s"
Cannot copy %s to %s.
vel criar %s"
vel abrir %s"
Cannot open %s
Software\WinRAR SFX
You need to have the following volume to continue extraction:
o podem exceder %d caracteres"
Cannot create %s
Unknown method in %s
Read error in the file %s
GETPASSWORD1
GETPASSWORD1
winrarsfxmappingfile.tmp
Extracting files to %s folder$Extracting files to temporary folder
mscoree.dll
<head><meta http-equiv="content-type" content="text/html; charset=
yA:\i
Shell.Explorer
<requestedPrivileges>
publicKeyToken="6595b64144ccf1df"
bdba36ee="Extraindo de %s"
e6184908="Ignorando %s"
c2f7663d="Extraindo %s"
69c2a2cc="Extraindo arquivos para a pasta %s"
d7b7d4f4="Senha incorreta para %s"
ximo volume"
68a8444a="Erro de leitura no arquivo %s"
; Dialog GETPASSWORD1
GetProcAddress
alho do arquivo \"%s\" est
ExitProcess
; <ul> tag must be present in both strings, this is not a mistake.
Presetup
o no arquivo %s. Provavelmente o disco est
Maximum allowed array size (%u) is exceeded
vel criar o link principal %s"
SetupCode
IsDebuggerPresent
The file "%s" header is corrupt
Installation progress
TerminateProcess
ShellExecuteExW
VirtualAlloc
CoCreateInstance

Foremost
Matches: 284.zip, 916 KB, 0.exe, 138 KB
Suspicious: True
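The static evidence above fits together: TrID calls the file a WinRAR self-extracting archive, the PDB path d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb identifies WinRAR's ZIP-flavour SFX stub, Foremost carves a roughly 138 KB executable at offset 0 followed by a roughly 916 KB ZIP (together about the 1.02 MB file size), and the strings Setup=C:\Windows\addins\nota.cpl and Delete=C:\Windows\addins\nota.cpl are WinRAR SFX script commands, which WinRAR keeps in the archive comment. The file name, Portuguese for "update security", is the lure. A practitioner wants the payload and the script without running the sample: find the overlay from the section table, open it as a ZIP, read the comment, list the members. The block below is an added example and not the report's tooling; the PE stub and ZIP it builds are constructed stand-ins for Atualizaseguranca.exe, whose real member list and full script are not on this page (only Setup=, Delete= and the name nota.cpl are).

```python
"""Find the overlay of a WinRAR ZIP-SFX stub, read the SFX script and list the payload.

Added example, not the report's own tooling. build_sample() is a constructed stand-in
for Atualizaseguranca.exe; the real archive's member list and full script are unknown.
"""
import io
import struct
import zipfile


def overlay_offset(pe: bytes) -> int:
    """File offset where the last section's raw data ends, i.e. where the overlay starts."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    section_table = e_lfanew + 24 + opt_size
    end = 0
    for i in range(nsections):
        hdr = section_table + i * 40
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        end = max(end, raw_ptr + raw_size)
    return end


def parse_sfx_script(comment: str) -> list:
    """Split a WinRAR SFX script (one 'Command=value' per line, ';' comments) into pairs."""
    commands = []
    for line in comment.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        key, sep, value = line.partition("=")
        commands.append((key.strip(), value.strip() if sep else ""))
    return commands


def analyze_sfx(pe: bytes) -> dict:
    """Overlay offset, archived members and SFX script of a ZIP-SFX executable."""
    off = overlay_offset(pe)
    overlay = pe[off:]
    if not overlay.startswith(b"PK\x03\x04"):
        raise ValueError("overlay is not a ZIP archive (a RAR SFX overlay starts with 'Rar!')")
    with zipfile.ZipFile(io.BytesIO(overlay)) as zf:
        # WinRAR stores the SFX commands in the archive comment; cp1252 covers the Portuguese build.
        script = parse_sfx_script(zf.comment.decode("cp1252", "replace"))
        members = [(zi.filename, zi.file_size) for zi in zf.infolist()]
    return {"overlay_offset": off, "members": members, "script": script}


PAYLOAD = b"MZ" + b"\0" * 62  # constructed 64-byte placeholder standing in for nota.cpl


def build_sample() -> bytes:
    """Constructed stand-in: a minimal PE32 stub with one section, then a ZIP overlay."""
    stub = bytearray(0x200)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)            # e_lfanew
    stub[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", stub, 0x44, 0x014C, 1)      # Machine i386, NumberOfSections = 1
    struct.pack_into("<H", stub, 0x54, 0xE0)            # SizeOfOptionalHeader (PE32)
    struct.pack_into("<H", stub, 0x58, 0x10B)           # optional header magic PE32
    sec = 0x58 + 0xE0                                   # first section header
    stub[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", stub, sec + 8, 0x100, 0x1000, 0x100, 0x100)  # VSize, VA, RawSize, RawPtr
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("nota.cpl", PAYLOAD)
        zf.comment = (b"; constructed script using the two commands visible in the strings\r\n"
                      b"Setup=C:\\Windows\\addins\\nota.cpl\r\n"
                      b"Delete=C:\\Windows\\addins\\nota.cpl\r\n")
    return bytes(stub) + buf.getvalue()


if __name__ == "__main__":
    result = analyze_sfx(build_sample())
    print(f"overlay at 0x{result['overlay_offset']:x}")
    for name, size in result["members"]:
        print(f"  member {name} ({size} bytes)")
    for key, value in result["script"]:
        print(f"  {key}={value}")
```

Python's zipfile tolerates data in front of an archive, so zipfile.ZipFile("Atualizaseguranca.exe") opens the overlay directly; computing the offset from the section table additionally gives the stub size, which can be compared with the Foremost figures. Two caveats follow from this structure. First, everything the Binary, Compilation and Disassembly sections below measure (VC8, linker 9.0, 2013 timestamp, no packing, the YARA HasOverlay hit) describes the stock WinRAR stub, not the payload; the VMProtect names from ESET and Sophos are more plausibly about the archived nota.cpl than about the stub, though the page does not show the inner file. Second, extracting to C:\Windows\addins needs administrator rights, so on a standard-user account the SFX fails with one of the UAC strings in the list above.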
Heuristics
IPs
hasIPs: False
Allowed: (none)
Suspicious: (none)
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Files
Allowed: KERNEL32.DLL, Crypt32.dll, riched32.dll, riched20.dll, mscoree.dll, ADVAPI32.dll, SHLWAPI.dll, OLEAUT32.dll, USER32.DLL, SHELL32.dll, COMCTL32.dll, GDI32.dll, ole32.dll
hasFiles: True
Suspicious: %s.%d.tmp, winrarsfxmappingfile.tmp
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 231936
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .rsrc
Suspicious: (none)
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 9.0
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 67583
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True
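The checksum anomaly and the two "Suspicious: True" flags on the symbol table deserve a caveat. A CheckSum of 0 means the linker never filled the field in; Windows verifies it for drivers and a few system images loaded early in boot, not for ordinary user-mode executables, so a zero value is common in legitimate binaries and is a weak indicator on its own. The same goes for a COFF symbol table count and pointer of 0, which is what every release build looks like. What is worth acting on is a non-zero CheckSum that does not match, because that means the file was changed after linking (patched, infected, or resource-edited). The block below is an added example, not the report's tooling: it computes the CheckSum with the same arithmetic as imagehlp's CheckSumMappedFile and reports unset, valid or mismatch. The input it builds is a constructed minimal PE header, not this sample.

```python
"""Recompute the PE header CheckSum and tell 'unset' from 'tampered'.

Added example, not the report's tooling. build_stub() is a constructed minimal PE32 header.
"""
import struct


def checksum_offset(pe: bytes) -> int:
    """File offset of OptionalHeader.CheckSum (offset 0x40 in both PE32 and PE32+ optional headers)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return e_lfanew + 24 + 0x40


def pe_checksum(pe: bytes) -> int:
    """Ones'-complement sum of the file as 32-bit words (carries folded back in), skipping the
    CheckSum field itself, folded to 16 bits and added to the file length: the arithmetic of
    imagehlp's CheckSumMappedFile."""
    skip = checksum_offset(pe) // 4
    padded = pe + b"\0" * (-len(pe) % 4)
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return ((total & 0xFFFF) + len(pe)) & 0xFFFFFFFF


def checksum_status(pe: bytes) -> str:
    """'unset' (field is 0, the linker never set it), 'valid', or 'mismatch' (changed after linking)."""
    stored = struct.unpack_from("<I", pe, checksum_offset(pe))[0]
    if stored == 0:
        return "unset"
    return "valid" if stored == pe_checksum(pe) else "mismatch"


def with_checksum(pe: bytes, value: int) -> bytes:
    """Copy of pe with the CheckSum field set to value."""
    out = bytearray(pe)
    struct.pack_into("<I", out, checksum_offset(pe), value)
    return bytes(out)


def build_stub() -> bytes:
    """Constructed minimal PE32 header (no sections) used as the demo input."""
    img = bytearray(0xA0)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)             # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x014C, 0)       # Machine i386, NumberOfSections = 0
    struct.pack_into("<HH", img, 0x54, 0xE0, 0x0102)    # SizeOfOptionalHeader, Characteristics
    struct.pack_into("<H", img, 0x58, 0x10B)            # optional header magic PE32
    return bytes(img)


if __name__ == "__main__":
    stub = build_stub()
    print(checksum_status(stub), hex(pe_checksum(stub)))   # unset 0xa4b6
    fixed = with_checksum(stub, pe_checksum(stub))
    print(checksum_status(fixed))                          # valid
    patched = bytearray(fixed)
    patched[0x90] ^= 0x01                                  # one byte changed after linking
    print(checksum_status(bytes(patched)))                 # mismatch
```

Run against a real file, read it whole and pass the bytes in; pefile's generate_checksum() gives the same number if it is already on the box. On this sample the expected outcome is "unset", which says nothing about tampering, and the stub's own size, timestamp and PDB path are the better places to check that it is an unmodified WinRAR SFX stub.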

Libraries
Allowed: kernel32.dll, crypt32.dll, riched32.dll, riched20.dll, mscoree.dll, advapi32.dll, shlwapi.dll, oleaut32.dll, user32.dll, shell32.dll, comctl32.dll, gdi32.dll, ole32.dll
hasLibs: True
Suspicious: (none)
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2013-05-09 08:06:59
Future: False

Compilation
Packed: False
Missing: False
Packers: (none)
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 1
.text: 2

pushpopmath
.text: 1
.rdata: 8

garbagebytes
.text: 2

stealthimport
.rdata: 1

programcontrolflowchange
.text: 2

cpuinstructionsresultscomparison
.rsrc: 4

AVclass
chepro: 1
VirusTotal
md5: 5d0db4b6b53663cb283253f0b2685c44
sha1: dd7afee54db6caf2516e40cee4259e511a648b84
sha256: ce7ea0afb49dd15b1975f1e44d879c8abc3b8dc430209ac18512a7f55b957174
scan_id: ce7ea0afb49dd15b1975f1e44d879c8abc3b8dc430209ac18512a7f55b957174-1521848232
resource: 5d0db4b6b53663cb283253f0b2685c44
scan_date: 2018-03-23 23:37:12
total: 67
positives: 43
response_code: 1
verbose_msg: Scan finished, information embedded

SCANS (DETECTION RATE = 64.18%, 43 of 67 engines)
Engine | Detected | Result | Update | Version
AVG | yes | FileRepMetagen [Malware] | 20180323 | 18.2.3827.0
CMC | no | - | 20180323 | 1.1.0.977
MAX | yes | malware (ai score=81) | 20180324 | 2017.11.15.1
Bkav | no | - | 20180322 | 1.3.0.9466
K7GW | no | - | 20180323 | 10.42.26598
ALYac | yes | Trojan.GenericKD.4637067 | 20180323 | 1.1.1.5
Avast | yes | FileRepMetagen [Malware] | 20180323 | 18.2.3827.0
Avira | yes | TR/Black.Gen2 | 20180323 | 8.3.3.6
Baidu | no | - | 20180323 | 1.0.0.2
Cyren | yes | W32/Trojan.NLYJ-2962 | 20180323 | 5.4.30.7
DrWeb | no | - | 20180323 | 7.0.28.2020
GData | yes | Trojan.GenericKD.4637067 | 20180323 | A:25.16481B:25.11861
Panda | yes | Trj/CI.A | 20180323 | 4.6.4.2
VBA32 | yes | TrojanBanker.ChePro | 20180323 | 3.12.28.0
VIPRE | yes | Trojan.Win32.Generic!BT | 20180323 | 65478
Zoner | no | - | 20180324 | 1.0
AVware | yes | Trojan.Win32.Generic!BT | 20180323 | 1.5.0.42
ClamAV | no | - | 20180323 | 0.99.2.0
Comodo | no | - | 20180323 | 28733
F-Prot | no | - | 20180323 | 4.7.1.166
Ikarus | yes | Trojan-PSW.Banker | 20180323 | 0.1.5.2
McAfee | yes | Artemis!5D0DB4B6B536 | 20180323 | 6.0.6.653
Rising | no | - | 20180323 | 25.0.0.1
Sophos | yes | Mal/VMProtBad-A | 20180323 | 4.98.0
Yandex | yes | Trojan.PWS.ChePro! | 20180323 | 5.5.1.3
Zillya | no | - | 20180323 | 2.0.0.3519
Arcabit | yes | Trojan.Generic.D46C18B | 20180323 | 1.0.0.831
Cylance | yes | Unsafe | 20180324 | 2.3.1.101
Endgame | no | - | 20180316 | 2.0.5
Tencent | yes | Win32.Trojan-banker.Chepro.Svrp | 20180324 | 1.0.0.1
ViRobot | no | - | 20180323 | 2014.3.20.0
eGambit | no | - | 20180324 | v4.3.5
Ad-Aware | yes | Trojan.GenericKD.4637067 | 20180323 | 3.0.3.1010
AegisLab | yes | Troj.Banker.W32.Chepro!c | 20180323 | 4.2
Emsisoft | yes | Trojan.GenericKD.4637067 (B) | 20180323 | 4.0.2.899
F-Secure | yes | Trojan.GenericKD.4637056 | 20180323 | 11.0.19100.45
Fortinet | no | - | 20180323 | 5.4.247.0
Invincea | yes | heuristic | 20180121 | 6.3.4.26036
Jiangmin | yes | Trojan.Banker.ChePro.jh | 20180323 | 16.0.100
Kingsoft | no | - | 20180324 | 2013.8.14.323
Paloalto | yes | generic.ml | 20180324 | 1.0
Symantec | yes | Trojan.Gen.2 | 20180323 | 1.5.0.0
nProtect | no | - | 20180323 | 2018-03-23.02
AhnLab-V3 | no | - | 20180323 | 3.12.0.20130
Antiy-AVL | yes | Trojan[Banker]/Win32.ChePro | 20180323 | 3.0.0.1
Kaspersky | yes | Trojan-Banker.Win32.ChePro.lna | 20180323 | 15.0.1.13
Microsoft | yes | TrojanDownloader:Win32/Banload | 20180323 | 1.1.14600.4
Qihoo-360 | yes | HEUR/Malware.QVM06.Gen | 20180324 | 1.0.0.1120
TheHacker | no | - | 20180319 | 6.8.0.5.2551
ZoneAlarm | yes | Trojan-Banker.Win32.ChePro.lna | 20180323 | 1.0
Cybereason | yes | malicious.6b5366 | 20180225 | 1.2.27
ESET-NOD32 | yes | a variant of Win32/Packed.VMProtect.ABR | 20180323 | 17107
TrendMicro | yes | TROJ_BANDROP.FUX | 20180323 | 9.862.0.1074
WhiteArmor | no | - | 20180223 | (not reported)
BitDefender | yes | Trojan.GenericKD.4637067 | 20180323 | 7.2
CrowdStrike | yes | malicious_confidence_90% (W) | 20170201 | 1.0
K7AntiVirus | no | - | 20180323 | 10.42.26598
SentinelOne | yes | static engine - malicious | 20180225 | 1.0.15.206
Avast-Mobile | no | - | 20180323 | 180323-04
Malwarebytes | no | - | 20180323 | 2.1.1.1115
TotalDefense | no | - | 20180323 | 37.1.62.1
CAT-QuickHeal | yes | Trojan.ChePro | 20180323 | 14.00
NANO-Antivirus | yes | Trojan.Win32.ChePro.dbqrlx | 20180323 | 1.0.100.22043
MicroWorld-eScan | yes | Trojan.GenericKD.4637067 | 20180323 | 14.0.297.0
SUPERAntiSpyware | yes | Hack.Tool/Gen-WinActivator | 20180323 | 5.6.0.1032
McAfee-GW-Edition | yes | BehavesLike.Win32.Generic.tc | 20180323 | v2015
TrendMicro-HouseCall | yes | TROJ_BANDROP.FUX | 20180323 | 9.950.0.1006
File
Trace
All events are dated 11/3/2020 (11 March 2020, the report creation date). The tool printed the millisecond field without zero padding (43.75 stands for 43.075); it is padded here. Identical consecutive events are collapsed with a count. Columns: time | operation | PID | path.
PID 1480 = C:\malware.exe (the sample, renamed by the sandbox); PID 2752 = C:\Windows\SysWOW64\control.exe (appears right after PID 1480 reads control.exe, consistent with the SFX Setup= command running nota.cpl).

14:45:42.840 | Open | 1480 | C:\Windows\addins
14:45:42.887 | Unknown | 1480 | C:\Windows\addins
14:45:42.934 | Open | 1480 | C:\Windows\addins\nota.cpl
14:45:42.934 | Unknown | 1480 | C:\Windows\addins\nota.cpl
14:45:42.934 | Open | 1480 | C:\PROPSYS.dll
14:45:42.934 | Open | 1480 | C:\Windows\SysWOW64\propsys.dll (x2)
14:45:42.981 | Open | 1480 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
14:45:42.981 | Open | 1480 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
14:45:42.981 | Open | 1480 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
14:45:42.981 | Open | 1480 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
14:45:42.981 | Open | 1480 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
14:45:42.981 | Open | 1480 | C:\Users\Behemot\Desktop\desktop.ini
14:45:42.981 | Read | 1480 | C:\Users\Behemot\Desktop\desktop.ini
14:45:42.981 | Unknown | 1480 | C:\Users\Behemot\Desktop\desktop.ini
14:45:43.075 | Open | 1480 | C:\Windows\SysWOW64\urlmon.dll (x2)
14:45:43.075 | Open | 1480 | C:\version.DLL
14:45:43.075 | Open | 1480 | C:\Windows\SysWOW64\version.dll (x2)
14:45:43.075 | Open | 1480 | C:\Secur32.dll
14:45:43.075 | Open | 1480 | C:\Windows\SysWOW64\secur32.dll (x2)
14:45:43.075 | Open | 1480 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
14:45:43.075 | Unknown | 1480 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
14:45:43.075 | Open | 1480 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
14:45:43.075 | Unknown | 1480 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
14:45:43.075 | Open | 1480 | C:\Windows\addins\nota.cpl
14:45:43.075 | Unknown | 1480 | C:\Windows\addins\nota.cpl
14:45:43.075 | Open | 1480 | C:\
14:45:43.075 | Unknown | 1480 | C:\
14:45:43.075 | Open | 1480 | C:\Windows
14:45:43.075 | Unknown | 1480 | C:\Windows
14:45:43.075 | Open | 1480 | C:\Windows\addins
14:45:43.075 | Unknown | 1480 | C:\Windows\addins
14:45:43.075 | Open | 1480 | C:\Windows\addins\nota.cpl
14:45:43.075 | Unknown | 1480 | C:\Windows\addins\nota.cpl
14:45:43.075 | Open | 1480 | C:\Windows\addins
14:45:43.075 | Unknown | 1480 | C:\Windows\addins
14:45:43.075 | Open | 1480 | C:\Windows
14:45:43.075 | Unknown | 1480 | C:\Windows
14:45:43.075 | Open | 1480 | C:\Windows\addins\nota.cpl
14:45:43.075 | Open | 1480 | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
14:45:43.075 | Open | 1480 | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
14:45:43.075 | Unknown | 1480 | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
14:45:43.075 | Open | 1480 | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
14:45:43.075 | Unknown | 1480 | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
14:45:43.153 | Unknown | 1480 | C:\Windows\addins\nota.cpl
14:45:43.153 | Open | 1480 | C:\Windows\addins\nota.cpl
14:45:43.153 | Unknown | 1480 | C:\Windows\addins\nota.cpl
14:45:43.153 | Open | 1480 | C:\Windows\addins\nota.cpl
14:45:43.153 | Unknown | 1480 | C:\Windows\addins\nota.cpl
14:45:43.153 | Open | 1480 | C:\Windows\addins\nota.cpl:Zone.Identifier
14:45:43.153 | Open | 1480 | C:\Program Files (x86)
14:45:43.153 | Unknown | 1480 | C:\Program Files (x86)
14:45:43.153 | Open | 1480 | C:\Windows\SysWOW64\control.exe (x3)
14:45:43.153 | Open | 1480 | C:\Windows\addins
14:45:43.153 | Unknown | 1480 | C:\Windows\addins
14:45:43.153 | Open | 1480 | C:\Windows\SysWOW64\control.exe
14:45:43.153 | Open | 1480 | C:\Windows\AppPatch\sysmain.sdb
14:45:43.153 | Open | 1480 | C:\Windows\SysWOW64
14:45:43.153 | Unknown | 1480 | C:\Windows\SysWOW64
14:45:43.153 | Open | 1480 | C:\Windows\SysWOW64\control.exe
14:45:43.153 | Open | 1480 | C:\
14:45:43.153 | Unknown | 1480 | C:\
14:45:43.153 | Open | 1480 | C:\Windows
14:45:43.153 | Unknown | 1480 | C:\Windows
14:45:43.153 | Open | 1480 | C:\Windows\SysWOW64
14:45:43.153 | Unknown | 1480 | C:\Windows\SysWOW64
14:45:43.153 | Open | 1480 | C:\Windows\SysWOW64
14:45:43.153 | Unknown | 1480 | C:\Windows\SysWOW64
14:45:43.153 | Open | 1480 | C:\Windows\SysWOW64\control.exe
14:45:43.153 | Read | 1480 | C:\Windows\SysWOW64\control.exe (x2)
14:45:43.168 | Open | 1480 | C:\Windows\SysWOW64\ui\SwDRM.dll
14:45:43.184 | Open | 1480 | C:\Windows\AppPatch\sysmain.sdb (x2)
14:45:43.184 | Unknown | 1480 | C:\Windows\SysWOW64\control.exe
14:45:43.184 | Open | 1480 | C:\Windows\SysWOW64\sfc.dll (x2)
14:45:43.184 | Open | 1480 | C:\sfc_os.DLL
14:45:43.184 | Open | 1480 | C:\Windows\SysWOW64\sfc_os.dll (x2)
14:45:43.184 | Open | 1480 | C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
14:45:43.184 | Read | 1480 | C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms (x7)
14:45:43.278 | Open | 2752 | C:\Windows\Prefetch\CONTROL.EXE-BF4439E1.pf
14:45:43.278 | Open | 2752 | C:\Windows
14:45:43.278 | Open | 2752 | C:\Windows\System32\wow64.dll (x2)
14:45:43.278 | Open | 2752 | C:\Windows\System32\wow64win.dll (x2)
14:45:43.278 | Open | 2752 | C:\Windows\System32\wow64cpu.dll (x2)
14:45:43.278 | Open | 2752 | C:\Windows\System32\wow64log.dll
14:45:43.278 | Open | 2752 | C:\Windows
14:45:43.278 | Unknown | 2752 | C:\Windows
14:45:43.278 | Open | 2752 | C:\Windows\addins
14:45:43.278 | Open | 2752 | C:\Windows\SysWOW64\sechost.dll (x2)
14:45:43.278 | Open | 2752 | C:\Windows\SysWOW64\apphelp.dll (x2)
14:45:43.278 | Open | 2752 | C:\Windows\AppPatch\sysmain.sdb
14:45:43.278 | Open | 2752 | C:\Windows\SysWOW64\control.exe
14:45:43.278 | Open | 2752 | C:\
14:45:43.278 | Unknown | 2752 | C:\
14:45:43.278 | Open | 2752 | C:\Windows
14:45:43.278 | Unknown | 2752 | C:\Windows
14:45:43.278 | Open | 2752 | C:\Windows\SysWOW64
14:45:43.278 | Unknown | 2752 | C:\Windows\SysWOW64
14:45:43.278 | Open | 2752 | C:\Windows\AppPatch\AcLayers.dll (x3)
14:45:43.278 | Open | 2752 | C:\Windows\SysWOW64\winspool.drv (x2)
14:45:43.278 | Open | 2752 | C:\Windows\SysWOW64\mpr.dll (x2)
14:45:43.278 | Open | 2752 | C:\Windows\SysWOW64\imm32.dll (x6)
14:45:43.293 | Open | 2752 | C:\Windows\addins
14:45:43.293 | Unknown | 2752 | C:\Windows\addins
14:45:43.293 | Open | 2752 | C:\Windows\Globalization\Sorting\SortDefault.nls
14:45:43.293 | Unknown | 2752 | C:\Windows\Globalization\Sorting\SortDefault.nls
14:45:43.293 | Open | 2752 | C:\Windows\SysWOW64\rpcss.dll (x2)
14:45:43.293 | Open | 2752 | C:\Windows\SysWOW64\uxtheme.dll (x2)
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\rundll32.exe
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\propsys.dll (x2)
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\shell32.dll
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\control.exe.Local
14:45:43.340 | Open | 2752 | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
14:45:43.340 | Unknown | 2752 | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
14:45:43.340 | Open | 2752 | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
14:45:43.340 | Open | 2752 | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll (x2)
14:45:43.340 | Open | 2752 | C:\Windows\WindowsShell.Manifest
14:45:43.340 | Unknown | 2752 | C:\Windows\WindowsShell.Manifest
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\propsys.dll (x2)
14:45:43.340 | Open | 2752 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
14:45:43.340 | Open | 2752 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
14:45:43.340 | Open | 2752 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
14:45:43.340 | Open | 2752 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
14:45:43.340 | Open | 2752 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
14:45:43.340 | Open | 2752 | C:\Users\Behemot\Desktop\desktop.ini
14:45:43.340 | Read | 2752 | C:\Users\Behemot\Desktop\desktop.ini
14:45:43.340 | Unknown | 2752 | C:\Users\Behemot\Desktop\desktop.ini
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\propsys.dll (x2)
14:45:43.340 | Open | 2752 | C:\Windows\System32\propsys.dll
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\propsys.dll (x2)
14:45:43.340 | Open | 2752 | C:\Windows\System32\propsys.dll
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\urlmon.dll (x2)
14:45:43.340 | Open | 2752 | C:\Windows\SysWOW64\version.dll (x2)
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\secur32.dll (x2)
14:45:43.356 | Open | 2752 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
14:45:43.356 | Unknown | 2752 | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
14:45:43.356 | Open | 2752 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
14:45:43.356 | Unknown | 2752 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\rundll32.exe
14:45:43.356 | Open | 2752 | C:\
14:45:43.356 | Unknown | 2752 | C:\
14:45:43.356 | Open | 2752 | C:\Windows
14:45:43.356 | Unknown | 2752 | C:\Windows
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Unknown | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\rundll32.exe
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Unknown | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Open | 2752 | C:\Windows
14:45:43.356 | Unknown | 2752 | C:\Windows
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\rundll32.exe (x3)
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\rundll32.exe:Zone.Identifier
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Unknown | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\shell32.dll
14:45:43.356 | Open | 2752 | C:\Windows\addins
14:45:43.356 | Unknown | 2752 | C:\Windows\addins
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\rundll32.exe
14:45:43.356 | Open | 2752 | C:\Windows\AppPatch\sysmain.sdb
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Unknown | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\rundll32.exe
14:45:43.356 | Open | 2752 | C:\
14:45:43.356 | Unknown | 2752 | C:\
14:45:43.356 | Open | 2752 | C:\Windows
14:45:43.356 | Unknown | 2752 | C:\Windows
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Unknown | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Unknown | 2752 | C:\Windows\SysWOW64
14:45:43.356 | Open | 2752 | C:\Windows\SysWOW64\rundll32.exe
14:45:43.356 | Read | 2752 | C:\Windows\SysWOW64\rundll32.exe (x2)
14:45:43.372 | Open | 2752 | C:\Windows\SysWOW64\ui\SwDRM.dll
14:45:43.418 | Open | 2752 | C:\Windows\AppPatch\sysmain.sdb (x2)
14:45:43.418 | Open | 2752 | C:\Windows\SysWOW64\sfc.dll (x2)
14:45:43.418 | Open | 2752 | C:\Windows\SysWOW64\sfc_os.dll (x2)
14:45:43.418 | Open | 2752 | C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
14:45:43.418 | Read | 2752 | C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms (x6)
11/3/2020 - 14:45:43.418Read2752C:\Windows\SysWOW64\control.exeC:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms$$_system32_21f9a9c4a2f8b514.cdf-ms
11/3/2020 - 14:45:43.418Unknown2752C:\Windows\SysWOW64\control.exeC:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms$$_system32_21f9a9c4a2f8b514.cdf-ms
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\Prefetch\RUNDLL32.EXE-CF0D8B23.pf
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\wow64.dll
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\wow64.dll
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows
11/3/2020 - 14:45:43.465Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 14:45:43.465Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\
11/3/2020 - 14:45:43.481Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows
11/3/2020 - 14:45:43.481Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64
11/3/2020 - 14:45:43.481Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\AppPatch\AcLayers.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\AppPatch\AcLayers.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\AppPatch\AcLayers.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\winspool.drv
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\winspool.drv
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\mpr.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\mpr.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\AppPatch\acwow64.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\AppPatch\acwow64.dll
11/3/2020 - 14:45:43.481Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\AppPatch\acwow64.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 14:45:43.497Read2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\Shell32.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\Shell32.dll.manifest
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\Shell32.dll.123.Manifest
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 14:45:43.497Read2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Read2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Read2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl.manifest
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl.123.Manifest
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl.124.Manifest
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl.2.Manifest
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Read2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.543Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.559Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.559Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.559Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\shfolder.dll
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\shfolder.dll
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe.Local
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
11/3/2020 - 14:45:43.559Unknown2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
11/3/2020 - 14:45:43.575Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\Fonts\StaticCache.dat
11/3/2020 - 14:45:43.575Read2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
11/3/2020 - 14:45:43.590Unknown2752C:\Windows\SysWOW64\control.exeC:\Windows
11/3/2020 - 14:45:43.590Unknown2752C:\Windows\SysWOW64\control.exeC:\Windows\addins
11/3/2020 - 14:45:43.590Unknown2752C:\Windows\SysWOW64\control.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 14:45:44.184Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 14:45:44.184Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 14:45:44.184Unknown1480C:\malware.exeC:\Windows
11/3/2020 - 14:45:44.184Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 14:45:44.184Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
11/3/2020 - 14:45:44.184Unknown1480C:\malware.exeC:\Windows\addins

Process
Trace
11/3/2020 - 14:45:43.153 | Create | 1480 | C:\malware.exe | 2752 | C:\Windows\SysWOW64\control.exe
11/3/2020 - 14:45:43.356 | Create | 2752 | C:\Windows\SysWOW64\control.exe | 2172 | C:\Windows\SysWOW64\rundll32.exe
11/3/2020 - 14:45:43.590 | Terminate | 1480 | C:\malware.exe | 2752 | C:\Windows\SysWOW64\control.exe
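
The file and process traces above are flattened rows with the columns run together (timestamp, operation, PID, image, target; a process row carries a second PID and image for the child). The Python below is an added example, not code from the report or from the sandbox that produced it. It splits those rows using that assumed column layout, rebuilds the malware.exe -> control.exe -> rundll32.exe chain from the Create events, and applies three heuristics of my own to the file trace: a .cpl read from outside the system directories, a DLL looked up in the .cpl's own directory before the system copy (Shell32.dll under C:\Windows\addins, then the SysWOW64 one), and the rundll32.exe.Local DotLocal-redirection probe. The sample rows are copied from the trace; the function names, the system-directory list and the regex column split are assumptions.

```python
"""Added example (not part of the sandbox report): parse the flattened trace rows
and derive the process chain plus a few behavioural flags from them."""
import re
from collections import defaultdict

# Rows copied from the report above. The column split is inferred from the
# rendering (timestamp, op, PID, image, target) and is an assumption.
FILE_ROWS = [
    r"11/3/2020 - 14:45:43.356Open2752C:\Windows\SysWOW64\control.exeC:\Windows\SysWOW64\rundll32.exe",
    r"11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\Shell32.dll",
    r"11/3/2020 - 14:45:43.497Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\shell32.dll",
    r"11/3/2020 - 14:45:43.543Read2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\addins\nota.cpl",
    r"11/3/2020 - 14:45:43.559Open2172C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe.Local",
]
PROC_ROWS = [
    r"11/3/2020 - 14:45:43.153Create1480C:\malware.exe2752C:\Windows\SysWOW64\control.exe",
    r"11/3/2020 - 14:45:43.356Create2752C:\Windows\SysWOW64\control.exe2172C:\Windows\SysWOW64\rundll32.exe",
    r"11/3/2020 - 14:45:43.590Terminate1480C:\malware.exe2752C:\Windows\SysWOW64\control.exe",
]

TS = r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} - \d{2}:\d{2}:\d{2}\.\d+)"
OP = r"(?P<op>Open|Read|Write|Delete|Create|Terminate|Unknown)"
IMG = r"[A-Za-z]:\\.*?\.exe"   # non-greedy: the image ends at the first ".exe" followed by the next column
PATH = r"[A-Za-z]:\\.*"
FILE_RE = re.compile(rf"{TS}{OP}(?P<pid>\d+)(?P<image>{IMG})(?P<target>{PATH})$")
PROC_RE = re.compile(rf"{TS}{OP}(?P<pid>\d+)(?P<image>{IMG})(?P<cpid>\d+)(?P<cimage>{PATH})$")

# Directories the loader legitimately resolves system DLLs from (my list, not the sandbox's).
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\",
               "\\windows\\winsxs\\", "\\windows\\apppatch\\")


def parse(rows, regex):
    """Parse every row or fail loudly: silently dropping rows would hide evidence."""
    parsed = []
    for row in rows:
        m = regex.match(row)
        if m is None:
            raise ValueError(f"unparsed row: {row!r}")
        parsed.append(m.groupdict())
    return parsed


def process_tree(proc_events):
    """Return (child PID -> parent PID, PID -> image) built from the Create events."""
    parent, image = {}, {}
    for e in proc_events:
        image.setdefault(e["pid"], e["image"])
        if e["op"] == "Create":
            parent[e["cpid"]] = e["pid"]
            image[e["cpid"]] = e["cimage"]
    return parent, image


def chain(parent, image, pid):
    """Root-first list of images from the submitted sample down to `pid`."""
    out = [image.get(pid, pid)]
    while pid in parent:
        pid = parent[pid]
        out.append(image.get(pid, pid))
    return out[::-1]


def is_system_dir(path):
    return any(d in path.lower() for d in SYSTEM_DIRS)


def flags(file_events, parent, image):
    """Heuristics over the file trace; each string names the evidence that raised it."""
    system_dlls = defaultdict(set)   # pid -> basenames of DLLs it opened from a system directory
    for e in file_events:
        low = e["target"].lower()
        if low.endswith(".dll") and is_system_dir(low):
            system_dlls[e["pid"]].add(low.rsplit("\\", 1)[-1])
    found = []
    for e in file_events:
        target = e["target"]
        low = target.lower()
        base = low.rsplit("\\", 1)[-1]
        # 1. A .cpl read from outside the system directories; the ancestry shows who drove it.
        if e["op"] == "Read" and base.endswith(".cpl") and not is_system_dir(low):
            found.append("cpl outside system dirs: " + " -> ".join(chain(parent, image, e["pid"]))
                         + " reads " + target)
        # 2. Same basename as a system DLL, but looked up in a non-system directory: search-order probe.
        if base.endswith(".dll") and not is_system_dir(low) and base in system_dlls[e["pid"]]:
            found.append(f"search-order probe by pid {e['pid']}: {target}")
        # 3. <exe>.Local: the loader checking for DotLocal DLL redirection.
        if low.endswith(".exe.local"):
            found.append(f"DotLocal redirection probe by pid {e['pid']}: {target}")
    return found


def analyze(file_rows=FILE_ROWS, proc_rows=PROC_ROWS):
    parent, image = process_tree(parse(proc_rows, PROC_RE))
    return flags(parse(file_rows, FILE_RE), parent, image)


if __name__ == "__main__":
    for line in analyze():
        print(line)
```

Run as-is it reports the three findings on the five sample rows; on the full trace the same rules fire once per matching row, so in practice you would deduplicate on (pid, target) before reporting. The `Unknown` operation is kept in the regex alternation but never scored, because the report gives no meaning for it.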

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace
11/3/2020 - 14:45:43.75 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
11/3/2020 - 14:45:43.75 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
11/3/2020 - 14:45:43.75 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
11/3/2020 - 14:45:43.75 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
11/3/2020 - 14:45:43.75 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
11/3/2020 - 14:45:43.75 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
11/3/2020 - 14:45:43.75 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
11/3/2020 - 14:45:43.75 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
11/3/2020 - 14:45:43.356 | Write | 2752 | C:\Windows\SysWOW64\control.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
11/3/2020 - 14:45:43.356 | Write | 2752 | C:\Windows\SysWOW64\control.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
11/3/2020 - 14:45:43.356 | Write | 2752 | C:\Windows\SysWOW64\control.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
11/3/2020 - 14:45:43.356 | Write | 2752 | C:\Windows\SysWOW64\control.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
11/3/2020 - 14:45:43.356 | Write | 2752 | C:\Windows\SysWOW64\control.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
11/3/2020 - 14:45:43.356 | Write | 2752 | C:\Windows\SysWOW64\control.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
11/3/2020 - 14:45:43.356 | Write | 2752 | C:\Windows\SysWOW64\control.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
11/3/2020 - 14:45:43.356 | Write | 2752 | C:\Windows\SysWOW64\control.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 88.87%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 92.70%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 50.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 45.81%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.99%
suspicious: False
