Report #453

(1)

Binary

DLL False

Size 2.30MB

trid 26.8% InstallShield setup

25.8% Win32 EXE PECompact compressed 19.4% Win32 Executable MS Visual C++

17.2% Win64 Executable

4.0% Win32 Dynamic Link Library

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 e9780acb272981a08382e8386c44f9d6

sha1 c47326c230881e762ce69b789c398307ae866127

crc32 0xe4e28cbb

sha224 f176cf2ef3be2c045d70fed8752d32b908acd37fdd66aa58cb764bf7

sha256 09c9eb55d6be8dfbe03170518bc37f9c4732d6aa80b6e4eeb57514699755c 81c

sha384 4bc2278b6b694180d1f1621c86ab4167850bd8cbdea402926b6d73e5adc61 e735a39534c9f6ee4b77e47bcd030e26c70

sha512 a89962249add8957de742730fa9f96730f12d596f8f8cf817e3004dfa8d45f5 9a909a4fe8c8a4ec97231051a41029e272ba0948b60f8014c3481e4588846 9e68

ssdeep 49152:IOctnPxgxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+s wIOTKq5:J2Pp5jKNOj+7

Report #453

Creation Date: Oct. 13, 2019, 3:15 p.m.

Last Update: Oct. 13, 2019, 4:18 p.m.

File:

020 Results:

(2)

Community

Google False

HashLib False

YARA

Matches IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, Ha sDebugData, BASE64_table, escalate_priv, HasRichSignature, VC8_Microsof t_Corporation, DebuggerException__SetConsoleCtrl, spreading_share, creat e_service, antisb_threatExpert, network_dns, cred_local, network_http, win_

files_operation, IsPE32, win_hook, disable_dep, contentis_base64, network_

tcp_socket, SEH__vectored, screenshot, win_token, win_mutex, keylogger, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, migrate_apc, IsWin dowsGUI, Big_Numbers5, DebuggerHiding__Thread, network_udp_sock, anti _dbg, network_tcp_listen, DebuggerCheck__QueryInfo, url, android_meterpr eter, Microsoft_Visual_Cpp_8, win_registry, Typical_Malware_String_Transfor ms, HasOverlay, network_dga, Advapi_Hash_API, Check_Dlls, System_Tools, create_com_service, powershell, Big_Numbers0

Suspicious True

Strings

List

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3 /">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xa p/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

(3)

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap /1.0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:

tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" x mlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>

</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:

tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" x mlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xa p/1.0/mm/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xa p/1.0/mm/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.

0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/

xap/1.0/mm/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/

(4)

">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1 .0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1 .0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.

0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.

0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1 .0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com /photoshop/1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com /photoshop/1.0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

(5)

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exi f/1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exi f/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

qhttp://ns.adobe.com/xap/1.0/

http://ns.adobe.com/xap/1.0/

=http://ns.adobe.com/xap/1.0/

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/

1.1/">

Foremost

Matches 0.exe, 308 KB

Suspicious True

Heuristics

IPs hasIPs: True

Allowed

Suspicious: 13.2.94.58, 0, Unknown hasAllowed: False

hasSuspicious: True

(6)

URLs Allowed

hasURLs: False Suspicious

hasAllowed: False hasSuspicious: False

Files Allowed: kernel32.dll, USER32.dll, mscoree.dll, GDI32.dll hasFiles: True

Suspicious

hasAllowed: True hasSuspicious: False

Binary

Sizes RVA

RVA: 16

Suspicious: False Code

Size: 225280 Suspicious: False Image

Address: 4194304 Suspicious: False Stack

Stack: 4096 Suspicious: False Headers

Headers: 4096 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 0

Suspicous: True

Sections Allowed: .text, .rdata, .data, .rsrc, .reloc Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

(7)

Versions OS

Version: 4

Suspicious: False Image

Version: True Suspicious: 4 Linker

Version: 8.0 Suspicious: False Subsystem

Version: 4.0 Suspicious: False Suspicious: False

EntryPoint Address: 8316

Suspicious: False

Anomalies Anomalies: The header checksum and the calculated checksum do not ma tch.

hasAnomalies: True

Libraries Allowed: kernel32.dll, user32.dll, mscoree.dll, gdi32.dll hasLibs: True

Suspicious

hasAllowed: True hasSuspicious: False

Timestamp Past: False

Valid: True

Value: 2007-12-03 09:25:51 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation XOR: True

Fuzzing: False

PEDetector

Matches None

Suspicious False

(8)

Disassembly

hasTricks True

Tricks

pushret .rsrc: 26

.text: 33

nopsequence .rsrc: 465

pushpopmath .data: 2

.rsrc: 12 .text: 20 .rdata: 6 .reloc: 2

ss register .rsrc: 1

garbagebytes .rsrc: 10

.text: 12

hookdetection .text: 1

software breakpoint .data: 1 .rsrc: 1 .text: 6 .reloc: 2

fakeconditionaljumps .rsrc: 2 .text: 2

programcontrolflowchange .rsrc: 8 .text: 11

cpuinstructionsresultscomparison .rsrc: 3 .text: 6

AVclass

yakes 1

(9)

VirusTotal

md5 e9780acb272981a08382e8386c44f9d6

sha1 c47326c230881e762ce69b789c398307ae866127

SCANS (DETECTION RATE = 52.86%)

AVG result: Win32:Malware-gen

update: 20190906 version: 18.4.3895.0 detected: True

CMC update: 20190321

version: 1.1.0.977 detected: False

MAX result: malware (ai score=87)

APEX result: Malicious

update: 20190906 version: 5.60 detected: True

Bkav update: 20190903

K7GW update: 20190906

version: 11.65.31928 detected: False

ALYac result: Trojan.GenericKD.40822911

Avast result: Win32:Malware-gen

Avira update: 20190906

(10)

Baidu update: 20190318

Cyren update: 20190906

DrWeb update: 20190906

GData result: Trojan.GenericKD.40822911

update: 20190906

version: A:25.23285B:26.15960 detected: True

Panda update: 20190905

VBA32 result: Trojan.Yakes

update: 20190905 version: 4.0.0 detected: True

VIPRE update: 20190906

version: 77674 detected: False

Zoner update: 20190906

ClamAV update: 20190905

Comodo update: 20190906

version: 31432 detected: False

(11)

F-Prot update: 20190906 version: 4.7.1.166 detected: False

Ikarus update: 20190905

McAfee result: Artemis!E9780ACB2729

Rising result: Trojan.Generic@ML.100 (RDML:geQcY205cLeOjaZdWLbROA) update: 20190906

version: 25.0.0.24 detected: True

Sophos update: 20190906

Yandex result: Trojan.Yakes!IReEXXizNNY

Zillya result: Adware.Yakes.Win32.136

Acronis result: suspicious

Alibaba update: 20190527

Arcabit result: Trojan.Generic.D26EE87F

Cylance result: Unsafe

(12)

Endgame update: 20190819

FireEye result: Generic.mg.e9780acb272981a0

TACHYON update: 20190906

version: 2019-09-06.01 detected: False

Tencent update: 20190906

ViRobot update: 20190905

Webroot update: 20190906

eGambit result: Trojan.Generic

update: 20190906 version: v5.0.5 detected: True

Ad-Aware result: Trojan.GenericKD.40822911

AegisLab result: Trojan.Win32.Yakes.4!c update: 20190906

version: 4.2 detected: True

Emsisoft result: Trojan.GenericKD.40822911 (B) update: 20190906

version: 2018.12.0.1641

(13)

detected: True

F-Secure update: 20190905

Fortinet result: W32/GenKryptik.CUBY!tr

Invincea update: 20190904

Jiangmin result: Trojan.Yakes.abzx

Kingsoft update: 20190906

Paloalto result: generic.ml

update: 20190906 version: 1.0 detected: True

Symantec result: ML.Attribute.HighConfidence update: 20190906

Trapmine update: 20190826

AhnLab-V3 result: Malware/Gen.Generic.C2886725 update: 20190906

Antiy-AVL result: Trojan/Win32.Yakes

(14)

Kaspersky result: UDS:DangerousObject.Multi.Generic update: 20190906

Microsoft result: Trojan:Win32/Fuerboos.C!cl update: 20190906

Qihoo-360 update: 20190906

ZoneAlarm update: 20190906

version: 1.0 detected: False

Cybereason result: malicious.b27298

ESET-NOD32 result: a variant of Win32/Kryptik.GNUD update: 20190906

version: 19974 detected: True

TrendMicro update: 20190906

BitDefender result: Trojan.GenericKD.40822911 update: 20190906

CrowdStrike result: win/malicious_confidence_60% (W) update: 20190702

K7AntiVirus update: 20190906

(15)

SentinelOne result: DFI - Malicious PE update: 20190807 version: 1.0.31.22 detected: True

Avast-Mobile update: 20190905

version: 190905-02 detected: False

Malwarebytes result: Trojan.Yakes

TotalDefense update: 20190906

CAT-QuickHeal result: Trojan.Fuerboos update: 20190905 version: 14.00 detected: True

NANO-Antivirus result: Trojan.Win32.Yakes.fkyurj update: 20190906

MicroWorld-eScan result: Trojan.GenericKD.40822911 update: 20190906

SUPERAntiSpyware update: 20190830 version: 5.6.0.1032 detected: False

McAfee-GW-Edition result: Artemis!Trojan update: 20190906 version: v2017.3010 detected: True

TrendMicro-HouseCall update: 20190906 version: 10.0.0.1040 detected: False

(16)

total 70

sha256 09c9eb55d6be8dfbe03170518bc37f9c4732d6aa80b6e4eeb57514699755c 81c

scan_id 09c9eb55d6be8dfbe03170518bc37f9c4732d6aa80b6e4eeb57514699755c 81c-1567748899

resource e9780acb272981a08382e8386c44f9d6

permalink https://www.virustotal.com/file/09c9eb55d6be8dfbe03170518bc37f9c4732 d6aa80b6e4eeb57514699755c81c/analysis/1567748899/

positives 37

scan_date 2019-09-06 05:48:19

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\version.DLL

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\version.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\version.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\WINHTTP.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\winhttp.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\winhttp.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\webio.dll

(17)

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\webio.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\webio.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\NETAPI32.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\netapi32.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\netapi32.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\netutils.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\netutils.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\netutils.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\srvcli.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\srvcli.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\srvcli.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\wkscli.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\wkscli.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\wkscli.dll

(18)

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\SAMCLI.DLL

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\samcli.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\samcli.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Secur32.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\secur32.dll

3/5/2018 - 18:46:10.

450

Op en

C:\malware.ex

e C:\Windows\SysWOW64\secur32.dll

3/5/2018 - 18:46:10.

528

Op en

C:\malware.ex

e C:\Windows\Globalization\Sorting\SortDefault.nls

3/5/2018 - 18:46:10.

528

Un kn ow n

C:\malware.ex

e C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nls

3/5/2018 - 18:46:10.

528

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

528

Op en

C:\malware.ex

e C:\Windows\SysWOW64\cmd.exe

3/5/2018 - 18:46:10.

528

Wri te

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

528

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

528

Un kn ow n

C:\malware.ex

e C:\1142062.bat

(19)

3/5/2018 - 18:46:10.

528

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

528

Wri te

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

528

Op en

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

528

Un kn ow n

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

528

Op en

C:\malware.ex

e C:\Windows\SysWOW64\rpcss.dll

3/5/2018 - 18:46:10.

528

Op en

C:\malware.ex

e C:\Windows\SysWOW64\rpcss.dll

3/5/2018 - 18:46:10.

528

Op en

C:\malware.ex

e C:\Windows\SysWOW64\uxtheme.dll

3/5/2018 - 18:46:10.

528

Op en

C:\malware.ex

e C:\Windows\SysWOW64\uxtheme.dll

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

575

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\PROPSYS.dll

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\Windows\SysWOW64\propsys.dll

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

(20)

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\Windows\SysWOW64\shell32.dll

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\malware.exe.Local

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex e

C:\Windows\winsxs\x86_microsoft.windows.common-controls_

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

3/5/2018 - 18:46:10.

575

Un kn ow n

C:\malware.ex e

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex e

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex e

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

\comctl32.dll

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex e

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

\comctl32.dll

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\Windows\WindowsShell.Manifest

3/5/2018 - 18:46:10.

575

Un kn ow n

C:\malware.ex

e C:\Windows\WindowsShell.Manifest WindowsShell.Ma

nifest

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\c versions.1.db

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\c versions.1.db

3/5/2018 - Op C:\malware.ex C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{

(21)

18:46:10.

575

en e AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000 000000000.db

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\Users\Behemot\Desktop\desktop.ini

3/5/2018 - 18:46:10.

575

Re ad

C:\malware.ex

e C:\Users\Behemot\Desktop\desktop.ini

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\Windows\System32\propsys.dll

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

575

Op en

C:\malware.ex

e C:\Windows\System32\propsys.dll

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Windows\SysWOW64\urlmon.dll

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Windows\SysWOW64\urlmon.dll

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex e

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporar y Internet Files

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex e

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cooki es

(22)

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex e

C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cooki es

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Monitor\Malware

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

3/5/2018 - Un

(23)

18:46:10.

684

kn ow n

C:\malware.ex e

C:\Monitor\Malware

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\api-ms-win-downlevel-advapi32-l2-1-0.dll

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex e

C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0 .dll

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex e

api-ms-win-downl evel-advapi32-l2- 1-0.dll

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex e

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex e

api-ms-win-downl evel-advapi32-l2- 1-0.dll

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

(24)

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat:Zone.Identifier

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Windows\SysWOW64\apphelp.dll

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Windows\SysWOW64\apphelp.dll

3/5/2018 - Op C:\malware.ex

(25)

18:46:10.

684

en e C:\Windows\AppPatch\sysmain.sdb

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

684

Un kn ow

C:\malware.ex

(26)

n

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Re ad

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

(27)

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Op en

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

684

Un kn ow n

C:\malware.ex

e C:\1142062.bat

3/5/2018 - 18:46:10.

700

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

700

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

700

Op en

C:\malware.ex

3/5/2018 - 18:46:10.

887

Op en

C:\Windows\Sy sWOW64\cmd.

exe

C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf

3/5/2018 - 18:46:10.

887

Re ad

exe

C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf CMD.EXE-AC113A A8.pf

3/5/2018 - 18:46:10.

887

Re ad

exe

C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf CMD.EXE-AC113A A8.pf

3/5/2018 - 18:46:10.

887

Op en

exe

\Device\HarddiskVolume2

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows

(28)

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\AppPatch

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\AppPatch

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\AppPatch

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\Globalization

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\Globalization\Sorting

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\System32

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\System32

(29)

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\SysWOW64

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\SysWOW64

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\Temp

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\Temp

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\Temp

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32\ntdll.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32\wow64.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32\wow64win.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

(30)

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32\wow64cpu.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32\kernel32.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\kernel32.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32\user32.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\ntdll.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32\apisetschema.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\System32\apisetschema.dll apisetschema.dll

3/5/2018 -

18:46:10. Op C:\Windows\Sy

sWOW64\cmd. C:\Windows\SysWOW64\KernelBase.dll

(31)

887 en exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\SysWOW64\KernelBase.dll KernelBase.dll

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\System32\locale.nls

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\cmd.exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\msvcrt.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\winbrand.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\user32.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\gdi32.dll

(32)

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\lpk.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\usp10.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\advapi32.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\sechost.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\rpcrt4.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\sspicli.dll

(33)

3/5/2018 - 18:46:10.

887

Un kn ow n

exe C:\Windows\SysWOW64\sspicli.dll

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\cryptbase.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\SysWOW64\cryptbase.dll cryptbase.dll

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\imm32.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\msctf.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\Globalization\Sorting\SortDefault.nls

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nls

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\SysWOW64\apphelp.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\BOOTSECT.EXE

3/5/2018 -

Op C:\Windows\Sy

(34)

18:46:10.

887

en sWOW64\cmd.

exe

C:\Windows\AppPatch\sysmain.sdb

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\Temp\TMP000000032EDF9B37C5E17B29

3/5/2018 - 18:46:10.

887

Re ad

exe

3/5/2018 - 18:46:10.

887

Re ad

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nls

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Re ad

exe

3/5/2018 - 18:46:10.

887

Op en

exe

C:\BOOTSECT.EXE

3/5/2018 - 18:46:10.

887

Op en

exe

C:\Windows\Temp\TMP000000032EDF9B37C5E17B29

3/5/2018 - 18:46:10.

887

Re ad

exe

3/5/2018 - 18:46:10.

887

Re ad

exe

(35)

3/5/2018 - 18:46:10.

887

Re ad

exe

3/5/2018 - 18:46:10.

887

Re ad

exe C:\Windows\SysWOW64\winbrand.dll

3/5/2018 - 18:46:10.

887

Re ad

exe

3/5/2018 - 18:46:10.

887

Re ad

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

(36)

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\System32\apisetschema.dll apisetschema.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\SysWOW64\KernelBase.dll KernelBase.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\SysWOW64\sspicli.dll

(37)

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

C:\Windows\SysWOW64\cryptbase.dll cryptbase.dll

3/5/2018 - 18:46:10.

887

Un kn ow n

exe

3/5/2018 - 18:46:10.

903

Un kn ow n

exe

3/5/2018 - 18:46:10.

903

Un kn ow n

exe

3/5/2018 - 18:46:10.

903

Un kn ow n

exe

\Device\HarddiskVolume2

3/5/2018 - 18:46:10.

903

Op en

exe

C:\Windows

3/5/2018 - 18:46:10.

903

Op en

exe

3/5/2018 - 18:46:10.

903

Op en

exe

3/5/2018 - 18:46:10.

903

Op en

exe

3/5/2018 - 18:46:10.

903

Op en

exe

3/5/2018 - 18:46:10.

903

Op en

exe

3/5/2018 - 18:46:10.

903

Op en

exe

3/5/2018 - 18:46:10. Op

en

C:\Windows\Sy

sWOW64\cmd. C:\Windows\System32\wow64log.dll

(38)

903 exe

3/5/2018 - 18:46:10.

903

Op en

exe

C:\Windows

3/5/2018 - 18:46:10.

903

Un kn ow n

exe

C:\Windows

3/5/2018 - 18:46:10.

903

Op en

exe

C:\Monitor

3/5/2018 - 18:46:10.

950

Un kn ow n

C:\malware.ex

e C:\Windows

3/5/2018 - 18:46:10.

950

Un kn ow n

C:\malware.ex

e C:\Monitor

3/5/2018 - 18:46:10.

950

Un kn ow n

C:\malware.ex e

6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

3/5/2018 - 18:46:11.

106

Op en

exe

3/5/2018 - 18:46:11.

122

Op en

exe

3/5/2018 - 18:46:11.

122

Op en

exe

3/5/2018 - 18:46:11.

122

Op en

exe

3/5/2018 - 18:46:11.

122

Op en

exe

3/5/2018 - 18:46:11.

122

Op en

exe

3/5/2018 -

Op C:\Windows\Sy

(39)

18:46:11.

122

en sWOW64\cmd.

exe

3/5/2018 - 18:46:11.

122

Op en

exe C:\Windows\SysWOW64\imm32.dll

3/5/2018 - 18:46:11.

122

Op en

exe

3/5/2018 - 18:46:11.

122

Op en

exe

3/5/2018 - 18:46:11.

122

Re ad

exe

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Op en

exe

C:\

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor\"C:\Monitor\Malware\1142062.bat"

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor\Malware

(40)

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Op en

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Op en

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Op en

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Op en

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Op en

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11. Op

en

C:\Windows\Sy

sWOW64\cmd. C:\Monitor\Malware

(41)

122 exe

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor

(42)

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Un kn ow n

exe C:\Monitor

3/5/2018 - 18:46:11.

122

Op en

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Op en

exe

C:\

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor

3/5/2018 - 18:46:11.

122

Op en

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\Monitor\Malware

3/5/2018 - 18:46:11.

122

Un kn ow n

exe

C:\1142062.bat

3/5/2018 - 18:46:11.

122

Op en

exe

C:\1142062.bat

3/5/2018 -

Re C:\Windows\Sy