Report #6046

N/A
N/A
Protected

Academic year: 2023

Share "Report #6046"

Copied!
51
0
0

Texto


Binary

DLL: False
Size: 1003.00KB
trid: 61.7% Win64 Executable; 14.7% Win32 Dynamic Link Library; 10.0% Win32 Executable; 4.5% OS/2 Executable; 4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes

md5: 09e4f373b1846fede838eb66f1e87d24
sha1: 9dab1f38bdf3589410fd73b359e58187cb705312
crc32: 0xe173e070
sha224: dadcb65a27700773de91f3cc4104cf5e8cd04d37f375a5daf223b07d
sha256: df087661786fb76daea9f5e1dc94bf268622b65c20edba95f5eec9bf400900ef
sha384: 986376b5ef8bb1e6e5d32223c01b86ee3227f3602fadb0a925868ab699084ee6ca5b085234ac54ea7321dc674061b9fe
sha512: 0a0a868d97a3a472a375954525524cf7853c22e940127042c70b2584298c5f55e841ec6214e8673d2e3ee2b7c2e9d7bb37d2af213093247f2177eab71e64effe
ssdeep: 24576:tCdxte/80jYLT3U1jfsWaljwbpo7ZWlsT7Q:kw80cTsjkWaljwbp2iz

Community

Report #6046
Creation Date: Feb. 13, 2020, 6:01 p.m.
Last Update: Feb. 13, 2020, 11:38 p.m.
File: 98985646797646796496.exe

Results:


Google: False
HashLib: False

YARA
Matches: domain, HasDebugData, CRC32_poly_Constant, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, CRC32_table, network_http, win_files_operation, IsPE32, AutoIT_compiled_script, screenshot, IP, contentis_base64, keylogger, win_token, AutoIt, IsWindowsGUI, inject_thread, anti_dbg, Microsoft_Visual_Cpp_8, win_registry
Suspicious: True

Strings

List


<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>


WSOCK32.dll

FSoftware\AutoIt v3\AutoIt COMCTL32.dll

USERENV.dll VERSION.dll WININET.dll WINMM.dll UxTheme.dll 0.0.0.0 MPR.dll

AUTOITCALLVARIABLE%d 255.255.255.255

SeDebugPrivilege SeRestorePrivilege


\Include\

fr-be fr-ch fr-ca

This is a third-party compiled AutoIt script.

BACKSPACE Hebrew

TaskbarCreated BInclude

HOTKEYPRESSED HOTKEYSET closed

regular expression is too large


invalid range in character class failed to get memory

too many forward references failed to get memory

number is too big

\ at end of pattern

\c at end of pattern

two named subpatterns have the same name BROWSER_SEARCH

HKEY_CLASSES_ROOT TCPSHUTDOWN BROWSER_REFRESH

AutoIt has detected the stack has become corrupt.

BROWSER_BACK BROWSER_FORWARD BROWSER_STOP BROWSER_HOME LAUNCH_MAIL

BROWSER_FAVORTIES HKEY_LOCAL_MACHINE Line %d (File "%s"):

VOLUME_UP VOLUME_DOWN VOLUME_MUTE

] is an invalid data character in JavaScript compatibility mode LAUNCH_MEDIA

SOFTWARE\Classes\

Line %d:

TCPLISTEN FtpOpenFileW

SYSTEM\CurrentControlSet\Control\Nls\Language FtpGetFileSize

FTPSETPROXY SW_HIDE

AUTOITWINGETTITLE GETCURRENTSELECTION TCPCLOSESOCKET TCPCONNECT

HTTPSETUSERAGENT GETSELECTEDCOUNT GETSELECTED HTTPSETPROXY WINGETCLASSLIST EWM_GETCONTROLNAME EControl Panel\Mouse Control Panel\Appearance HttpOpenRequestW HttpSendRequestW /AutoIt3OutputDebug mscoree.dll

LAUNCH_APP2 LAUNCH_APP1 WIN_VISTA

SeShutdownPrivilege SeBackupPrivilege SeIncreaseQuotaPrivilege /AutoIt3ExecuteLine

SeAssignPrimaryTokenPrivilege


AUTOIT.ERROR

#requireadmin

>>>AUTOIT SCRIPT<<<

SHELLDLL_DefView LOCALAPPDATADIR

<requestedPrivileges>

\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]

Foremost

Matches: 0.exe, 1003 KB
Suspicious: True

Heuristics

IPs: hasIPs: True; Allowed: 255.255.255.255, 1, record (hasAllowed: True); Suspicious: (none listed) (hasSuspicious: False)
URLs: hasURLs: False; Allowed: (none listed) (hasAllowed: False); Suspicious: (none listed) (hasSuspicious: False)
Files: hasFiles: True; Allowed: USER32.DLL, kernel32.dll, mscoree.dll, combase.dll, OLEAUT32.dll, ADVAPI32.dll, VERSION.dll, UxTheme.dll, WSOCK32.dll, SHELL32.dll, PSAPI.DLL, COMCTL32.dll, ole32.dll, IPHLPAPI.DLL, WININET.dll, USERENV.dll, WINMM.dll, GDI32.dll, MPR.dll, COMDLG32.dll (hasAllowed: True); Suspicious: (none listed) (hasSuspicious: False)

Binary

Sizes:
  RVA: 16 (Suspicious: False)
  Code Size: 444928 (Suspicious: False)
  Image Address: 4194304 (Suspicious: False)
  Stack: 4096 (Suspicious: False)
  Headers: 1024 (Suspicious: False)
  Suspicious: False
Symbols:
  Number: 0 (Suspicious: True)
  Pointer: 0 (Suspicious: True)
Directories: Number: 16 (Suspicious: False)
Checksum: Value: 1063899 (Suspicious: False)
Sections: Allowed: .text, .rdata, .data, .rsrc, .reloc; Suspicious: (none listed); hasAllowed: True; hasSections: True; hasSuspicious: False
Versions:
  OS Version: 5 (Suspicious: False)
  Image Version: 5 (Suspicious: True)
  Linker Version: 12.0 (Suspicious: False)
  Subsystem Version: 5.1 (Suspicious: False)
  Suspicious: False
EntryPoint: Address: 163658 (Suspicious: False)
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match. (hasAnomalies: True)
Libraries: Allowed: user32.dll, kernel32.dll, mscoree.dll, combase.dll, oleaut32.dll, advapi32.dll, version.dll, uxtheme.dll, wsock32.dll, shell32.dll, psapi.dll, comctl32.dll, ole32.dll, wininet.dll, userenv.dll, winmm.dll, gdi32.dll, mpr.dll, comdlg32.dll; Suspicious: iphlpapi.dll; hasLibs: True; hasAllowed: True; hasSuspicious: True
Timestamp: Value: 2017-10-03 10:39:58; Valid: True; Past: False; Future: False
Compilation: Packed: False; Missing: False; Compiled: True; Packers: (none listed); Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation
Obfuscation: XOR: False; Fuzzing: True

PEDetector

Matches: None
Suspicious: False

Disassembly

hasTricks: True
Tricks (occurrences per section):
  pushret: .data: 1, .rsrc: 99, .text: 2, .rdata: 24
  nopsequence: .text: 1
  pushpopmath: .rsrc: 60, .text: 30, .rdata: 7, .reloc: 22
  ss register: .rsrc: 4
  garbagebytes: .data: 1, .rsrc: 25, .text: 2, .rdata: 13
  hookdetection: .rsrc: 2, .rdata: 3, .reloc: 3
  stealthimport: .text: 1
  software breakpoint: .rsrc: 6, .text: 20, .rdata: 3, .reloc: 5
  fakeconditionaljumps: .rsrc: 1
  programcontrolflowchange: .data: 1, .rsrc: 24, .text: 2, .rdata: 13
  cpuinstructionsresultscomparison: .rsrc: 7, .rdata: 9

AVclass

autoit: 1

VirusTotal

md5 09e4f373b1846fede838eb66f1e87d24

sha1 9dab1f38bdf3589410fd73b359e58187cb705312

SCANS (DETECTION RATE = 62.32%)

Engine | Result (- = none reported) | Update | Version | Detected
AVG | Win32:Malware-gen | 20181123 | 18.4.3895.0 | True
CMC | - | 20181122 | 1.1.0.977 | False
MAX | malware (ai score=79) | 20181123 | 2018.9.12.1 | True
Bkav | - | 20181122 | 1.3.0.9899 | False
K7GW | - | 20181123 | 11.13.29124 | False
ALYac | Trojan.GenericKD.12455343 | 20181123 | 1.1.1.5 | True
Avast | Win32:Malware-gen | 20181123 | 18.4.3895.0 | True
Avira | HEUR/AGEN.1000268 | 20181123 | 8.3.3.6 | True
Baidu | - | 20181123 | 1.0.0.2 | False
Cyren | W32/AutoIt.GS.gen!Eldorado | 20181123 | 6.2.0.1 | True
DrWeb | - | 20181123 | 7.0.34.11020 | False
GData | Trojan.GenericKD.12455343 | 20181123 | A:25.19513B:25.13737 | True
Panda | Trj/CI.A | 20181121 | 4.6.4.2 | True
VBA32 | TrojanDownloader.Banload | 20181122 | 3.34.0 | True
Zoner | TrojanAgent.Generic | 20181123 | 1.0 | True
ClamAV | - | 20181122 | 0.100.2.0 | False
Comodo | Malware@#198e2hcpxma61 | 20181123 | 30014 | True
F-Prot | W32/AutoIt.GS.gen!Eldorado | 20181123 | 4.7.1.166 | True
Ikarus | Trojan-Downloader.Win32.AutoIt | 20181122 | 0.1.5.2 | True
McAfee | Artemis!09E4F373B184 | 20181123 | 6.0.6.653 | True
Rising | - | 20181123 | 25.0.0.24 | False
Sophos | - | 20181123 | 4.98.0 | False
Yandex | - | 20181122 | 5.5.1.3 | False
Zillya | - | 20181122 | 2.0.0.3698 | False
Alibaba | - | 20180921 | 0.1.0.2 | False
Arcabit | Trojan.Generic.DBE0DAF | 20181123 | 1.0.0.834 | True
Babable | - | 20180918 | 9107201 | False
Cylance | - | 20181123 | 2.3.1.101 | False
Endgame | malicious (moderate confidence) | 20181108 | 3.0.2 | True
TACHYON | - | 20181123 | 2018-11-23.01 | False
Tencent | Win32.Trojan-downloader.Banload.Isq | 20181123 | 1.0.0.1 | True
ViRobot | - | 20181123 | 2014.3.20.0 | False
Webroot | - | 20181123 | 1.0.0.403 | False
eGambit | - | 20181123 | v4.3.5 | False
Ad-Aware | Trojan.GenericKD.12455343 | 20181123 | 3.0.5.370 | True
AegisLab | - | 20181123 | 4.2 | False
Emsisoft | Trojan-Downloader.Autoit (A) | 20181123 | 2018.4.0.1029 | True
F-Secure | Trojan.GenericKD.12455343 | 20181123 | 11.0.19100.45 | True
Fortinet | W32/Autoit.GS!tr | 20181123 | 5.4.247.0 | True
Invincea | heuristic | 20181108 | 6.3.6.26157 | True
Jiangmin | - | 20181123 | 16.0.100 | False
Kingsoft | - | 20181123 | 2013.8.14.323 | False
Paloalto | generic.ml | 20181123 | 1.0 | True
Symantec | ML.Attribute.HighConfidence | 20181123 | 1.8.0.0 | True
Trapmine | malicious.high.ml.score | 20180918 | 3.0.9.612 | True
AhnLab-V3 | Downloader/Win32.Banload.C2241541 | 20181122 | 3.13.1.22397 | True
Antiy-AVL | Trojan/Generic.ASVCS3S.1E5 | 20181123 | 3.0.0.1 | True
Kaspersky | Trojan-Downloader.Win32.Banload.aauar | 20181123 | 15.0.1.13 | True
Microsoft | Trojan:Win32/Tiggre!rfn | 20181123 | 1.1.15400.5 | True
Qihoo-360 | Win32/Trojan.Script.ed4 | 20181123 | 1.0.0.1120 | True
TheHacker | - | 20181118 | 6.8.0.5.3867 | False
Trustlook | - | 20181123 | 1.0 | False
ZoneAlarm | Trojan-Downloader.Win32.Banload.aauar | 20181123 | 1.0 | True
Cybereason | malicious.3b1846 | 20180225 | 1.2.27 | True
ESET-NOD32 | a variant of Win32/TrojanDownloader.Autoit.OGO | 20181123 | 18427 | True
TrendMicro | TROJ_GEN.R002C0GGI18 | 20181123 | 10.0.0.1040 | True
BitDefender | Trojan.GenericKD.12455343 | 20181123 | 7.2 | True
CrowdStrike | malicious_confidence_100% (W) | 20181022 | 1.0 | True
K7AntiVirus | Trojan-Downloader ( 00516bcd1 ) | 20181123 | 11.13.29124 | True
SentinelOne | static engine - malicious | 20181011 | 1.0.19.245 | True
Avast-Mobile | - | 20181122 | 181122-00 | False
Malwarebytes | - | 20181123 | 2.1.1.1115 | False
TotalDefense | - | 20181122 | 37.1.62.1 | False
CAT-QuickHeal | Trojan.IGENERIC | 20181122 | 14.00 | True
NANO-Antivirus | Trojan.Win32.AutoIt.etnrqv | 20181123 | 1.0.134.24299 | True
MicroWorld-eScan | Trojan.GenericKD.12455343 | 20181123 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20181121 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Downloader.fh | 20181123 | v2017.3010 | True
TrendMicro-HouseCall | TROJ_GEN.R002C0GGI18 | 20181123 | 10.0.0.1040 | True

total: 69
sha256: df087661786fb76daea9f5e1dc94bf268622b65c20edba95f5eec9bf400900ef
scan_id: df087661786fb76daea9f5e1dc94bf268622b65c20edba95f5eec9bf400900ef-1542950638
resource: 09e4f373b1846fede838eb66f1e87d24
permalink: https://www.virustotal.com/file/df087661786fb76daea9f5e1dc94bf268622b65c20edba95f5eec9bf400900ef/analysis/1542950638/
positives: 43
scan_date: 2018-11-23 05:23:58
verbose_msg: Scan finished, information embedded
response_code: 1

File

Trace

Every entry below is dated 13/2/2020, has PID 1480 and process C:\malware.exe; those three columns are omitted from the rows. A trailing fourth column appears only where the trace records an extra value for the entry.

Time | Operation | Path | Extra
22:45:43.497 | Open | C:\Users\Behemot\AppData\Roaming
22:45:43.497 | Unknown | C:\Users\Behemot\AppData\Roaming
22:45:43.590 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\checher.log
22:45:43.590 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft
22:45:43.590 | Unknown | C:\Users\Behemot\AppData\Roaming\Microsoft
22:45:43.590 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\checher.log
22:45:43.590 | Read | C:\Users\Behemot\AppData\Roaming\Microsoft\checher.log
22:45:43.590 | Write | C:\Users\Behemot\AppData\Roaming\Microsoft\checher.log
22:45:43.590 | Unknown | C:\Users\Behemot\AppData\Roaming\Microsoft\checher.log
22:46:28.215 | Open | C:\Users\Behemot\AppData\Roaming\VM0d211
22:46:28.215 | Open | C:\Users\Behemot\AppData\Roaming\VM0d211
22:46:28.215 | Unknown | C:\Users\Behemot\AppData\Roaming\VM0d211
22:46:29.12 | Open | C:\Secur32.dll
22:46:29.12 | Open | C:\Windows\SysWOW64\secur32.dll
22:46:29.12 | Open | C:\Windows\SysWOW64\secur32.dll
22:46:29.12 | Open | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22:46:29.12 | Unknown | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22:46:29.12 | Open | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
22:46:29.12 | Open | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22:46:29.12 | Unknown | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
22:46:29.12 | Open | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22:46:29.12 | Unknown | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
22:46:29.59 | Open | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
22:46:29.59 | Open | C:\Windows\SysWOW64\winhttp.dll
22:46:29.59 | Open | C:\Windows\SysWOW64\winhttp.dll
22:46:29.59 | Open | C:\Windows\SysWOW64\webio.dll
22:46:29.59 | Open | C:\Windows\SysWOW64\webio.dll
22:46:29.106 | Open | C:\Windows\SysWOW64\mswsock.dll
22:46:29.106 | Open | C:\Windows\SysWOW64\mswsock.dll
22:46:29.106 | Open | C:\Windows\SysWOW64\wship6.dll
22:46:29.106 | Open | C:\Windows\SysWOW64\wship6.dll
22:46:29.106 | Open | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22:46:29.106 | Open | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22:46:29.106 | Unknown | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
22:46:29.106 | Open | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22:46:29.106 | Unknown | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
22:46:29.106 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
22:46:29.106 | Unknown | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
22:46:29.106 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
22:46:29.106 | Unknown | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
22:46:29.106 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
22:46:29.106 | Unknown | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
22:46:29.106 | Open | C:\DNSAPI.dll
22:46:29.106 | Open | C:\Windows\SysWOW64\dnsapi.dll
22:46:29.106 | Open | C:\Windows\SysWOW64\dnsapi.dll
22:46:29.247 | Open | C:\Windows\SysWOW64\netprofm.dll
22:46:29.247 | Open | C:\Windows\SysWOW64\netprofm.dll
22:46:29.247 | Open | C:\Windows\SysWOW64\nlaapi.dll
22:46:29.247 | Open | C:\Windows\SysWOW64\nlaapi.dll
22:46:29.293 | Open | C:\dhcpcsvc6.DLL
22:46:29.293 | Open | C:\Windows\SysWOW64\dhcpcsvc6.dll
22:46:29.293 | Unknown | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
22:46:29.293 | Open | C:\Windows\SysWOW64\dhcpcsvc6.dll
22:46:29.293 | Unknown | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
22:46:29.340 | Open | C:\CRYPTSP.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\cryptsp.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\cryptsp.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\rsaenh.dll
22:46:29.340 | Open | C:\RpcRtRemote.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\RpcRtRemote.dll
22:46:29.340 | Unknown | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
22:46:29.340 | Open | C:\Windows\SysWOW64\RpcRtRemote.dll
22:46:29.340 | Unknown | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
22:46:29.340 | Open | C:\Users\Behemot
22:46:29.340 | Open | C:\Users\Behemot
22:46:29.340 | Unknown | C:\Users\Behemot
22:46:29.340 | Open | C:\Users\Behemot\AppData\Local
22:46:29.340 | Open | C:\Users\Behemot\AppData\Local
22:46:29.340 | Unknown | C:\Users\Behemot\AppData\Local
22:46:29.340 | Open | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22:46:29.340 | Open | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22:46:29.356 | Unknown | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22:46:29.356 | Open | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
22:46:29.356 | Unknown | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
22:46:29.356 | Open | C:\Users\Behemot
22:46:29.356 | Open | C:\Users\Behemot
22:46:29.356 | Unknown | C:\Users\Behemot
22:46:29.356 | Open | C:\Users\Behemot\AppData\Roaming
22:46:29.356 | Open | C:\Users\Behemot\AppData\Roaming
22:46:29.356 | Unknown | C:\Users\Behemot\AppData\Roaming
22:46:29.356 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22:46:29.356 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22:46:29.356 | Unknown | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22:46:29.356 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22:46:29.356 | Unknown | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22:46:29.356 | Open | C:\Users\Behemot
22:46:29.356 | Open | C:\Users\Behemot
22:46:29.356 | Unknown | C:\Users\Behemot
22:46:29.356 | Open | C:\Users\Behemot\AppData\Local
22:46:29.356 | Open | C:\Users\Behemot\AppData\Local
22:46:29.356 | Unknown | C:\Users\Behemot\AppData\Local
22:46:29.356 | Open | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22:46:29.356 | Open | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22:46:29.356 | Unknown | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22:46:29.356 | Open | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
22:46:29.356 | Unknown | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
22:46:29.356 | Open | C:\Windows\SysWOW64\WSHTCPIP.DLL
22:46:29.356 | Open | C:\Windows\SysWOW64\WSHTCPIP.DLL
22:46:29.356 | Open | C:\dhcpcsvc.DLL
22:46:29.356 | Open | C:\Windows\SysWOW64\dhcpcsvc.dll
22:46:29.356 | Open | C:\Windows\SysWOW64\dhcpcsvc.dll
22:46:29.403 | Open | C:\rasadhlp.dll
22:46:29.403 | Open | C:\Windows\SysWOW64\rasadhlp.dll
22:46:29.403 | Open | C:\Windows\SysWOW64\rasadhlp.dll
22:46:29.450 | Open | C:\Windows\SysWOW64\npmproxy.dll
22:46:29.450 | Open | C:\Windows\SysWOW64\npmproxy.dll
22:46:29.543 | Open | C:\Users\Behemot\AppData\Roaming\VM0d211\p79T1Kc5.gdb
22:46:29.543 | Open | C:\Users\Behemot\AppData\Roaming\VM0d211\p79T1Kc5.gdb
22:46:29.543 | Open | C:\Users\Behemot\AppData\Roaming\VM0d211
22:46:29.543 | Unknown | C:\Users\Behemot\AppData\Roaming\VM0d211
22:46:30.184 | Open | C:\PROPSYS.dll
22:46:30.184 | Open | C:\Windows\SysWOW64\propsys.dll
22:46:30.184 | Open | C:\Windows\SysWOW64\propsys.dll
22:46:30.278 | Open | C:\Windows\SysWOW64\shell32.dll
22:46:30.278 | Open | C:\malware.exe.Local
22:46:30.278 | Open | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22:46:30.278 | Unknown | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22:46:30.278 | Open | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22:46:30.278 | Open | C:\Users\Behemot\Desktop
22:46:30.278 | Unknown | C:\Users\Behemot\Desktop
22:46:30.278 | Open | C:\Users\Behemot\Desktop\rundll32.exe
22:46:30.278 | Open | C:\Users\Public\Desktop
22:46:30.278 | Unknown | C:\Users\Public\Desktop
22:46:30.278 | Open | C:\Users\Public\Desktop\rundll32.exe
22:46:30.278 | Open | C:\Windows\SysWOW64\rundll32.exe
22:46:30.278 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\837Ir93aF.lnk
22:46:30.278 | Open | C:\Windows\SysWOW64\rundll32.exe
22:46:30.278 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\837Ir93aF.lnk
22:46:30.278 | Open | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\837Ir93aF.lnk
22:46:30.278 | Open | C:\
22:46:30.278 | Unknown | C:\
22:46:30.278 | Open | C:\Windows
22:46:30.278 | Unknown | C:\Windows
22:46:30.278 | Open | C:\
22:46:30.278 | Unknown | C:\
22:46:30.278 | Open | C:\Windows
22:46:30.278 | Unknown | C:\Windows
22:46:30.278 | Write | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\837Ir93aF.lnk | 837Ir93aF.lnk
22:46:30.278 | Unknown | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\837Ir93aF.lnk | 837Ir93aF.lnk
22:46:30.293 | Open | C:\Program Files (x86)
22:46:30.293 | Unknown | C:\Program Files (x86)
22:46:30.481 | Open | C:\Program Files \GBPlugin\gbieh.dll
22:46:30.481 | Open | C:\Program Files \GBPlugin\
22:46:30.528 | Open | C:\Windows\SysWOW64\wininet.dll
22:46:30.528 | Open | C:\Windows\SysWOW64\wininet.dll
22:46:30.590 | Open | C:\Program Files (x86)\GBPlugin\gbieh.dll
22:46:30.590 | Open | C:\Program Files (x86)\GBPlugin
22:46:30.637 | Open | C:\Program Files \GBPlugin\gbiehabn.dll
22:46:30.637 | Open | C:\Program Files \GBPlugin\
22:46:30.731 | Open | C:\Program Files (x86)\GBPlugin\gbiehabn.dll
22:46:30.731 | Open | C:\Program Files (x86)\GBPlugin
22:46:30.809 | Open | C:\Program Files \GBPlugin\gbiehcef.dll
22:46:30.825 | Open | C:\Program Files \GBPlugin\
22:46:30.918 | Open | C:\Program Files (x86)\GBPlugin\gbiehcef.dll
22:46:30.918 | Open | C:\Program Files (x86)\GBPlugin
22:46:31.12 | Open | C:\Program Files \GBPlugin\gbiehuni.dll
22:46:31.12 | Open | C:\Program Files \GBPlugin\
22:46:31.59 | Open | C:\Program Files (x86)\GBPlugin\gbiehuni.dll
22:46:31.59 | Open | C:\Program Files (x86)\GBPlugin
22:46:31.153 | Open | C:\Program Files \GBPlugin\gbiehscd.dll
22:46:31.153 | Open | C:\Program Files \GBPlugin\
22:46:31.153 | Open | C:\Program Files (x86)\GBPlugin\gbiehscd.dll
22:46:31.153 | Open | C:\Program Files (x86)\GBPlugin
22:46:31.247 | Open | C:\Program Files \GBPlugin\gbiehisg.dll
22:46:31.247 | Open | C:\Program Files \GBPlugin\
22:46:31.293 | Open | C:\Program Files (x86)\GBPlugin\gbiehisg.dll
22:46:31.293 | Open | C:\Program Files (x86)\GBPlugin
22:46:31.387 | Open | C:\Program Files \GBPlugin\gbiehbnb.dll
22:46:31.387 | Open | C:\Program Files \GBPlugin\
22:46:31.481 | Open | C:\Program Files (x86)\GBPlugin\gbiehbnb.dll
22:46:31.481 | Open | C:\Program Files (x86)\GBPlugin
22:46:31.528 | Open | C:\Program Files \GBPlugin\gbiehbnt.dll
22:46:31.528 | Open | C:\Program Files \GBPlugin\
22:46:31.622 | Open | C:\Program Files (x86)\GBPlugin\gbiehbnt.dll
22:46:31.622 | Open | C:\Program Files (x86)\GBPlugin
22:46:31.668 | Open | C:\Program Files \GBPlugin\gbiehamz.dll
22:46:31.668 | Open | C:\Program Files \GBPlugin\
22:46:31.762 | Open | C:\Program Files (x86)\GBPlugin\gbiehamz.dll
22:46:31.762 | Open | C:\Program Files (x86)\GBPlugin
22:46:31.809 | Open | C:\Program Files \GBPlugin\gbiehbmb.dll
22:46:31.809 | Open | C:\Program Files \GBPlugin\
22:46:31.903 | Open | C:\Program Files (x86)\GBPlugin\gbiehbmb.dll
22:46:31.903 | Open | C:\Program Files (x86)\GBPlugin
22:46:31.950 | Open | C:\Program Files \GBPlugin\gbiehtec.dll
22:46:31.950 | Open | C:\Program Files \GBPlugin\
22:46:31.997 | Open | C:\Program Files (x86)\GBPlugin\gbiehtec.dll
22:46:31.997 | Open | C:\Program Files (x86)\GBPlugin
22:46:32.184 | Open | C:\Program Files \scpbrad\
22:46:32.184 | Open | C:\Program Files \scpbrad\
22:46:32.184 | Open | C:\Program Files (x86)\scpbrad
22:46:32.184 | Open | C:\Program Files (x86)\scpbrad
22:46:32.465 | Open | C:\Monitor\winmgmts:\root\SecurityCenter
22:46:32.465 | Open | C:\Monitor\winmgmts:\root\SecurityCenter
22:46:32.465 | Open | C:\Monitor\winmgmts:\root\SecurityCenter
22:46:32.465 | Open | C:\Windows\SysWOW64\wbem\wbemdisp.dll

13/2/2020 - 22:46:32.51 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.dll

13/2/2020 - 22:46:32.79 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemcomn.dll

13/2/2020 - 22:46:32.79 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbemcomn.dll

13/2/2020 - 1

C:\mal

(34)

22:46:32.84 0

Ope n

4 8 0

ware.e xe

C:\Windows\SysWOW64\wbemcomn.dll

13/2/2020 - 22:46:33.40 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\Logs

13/2/2020 - 22:46:33.45 0

Unk now n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\Logs

13/2/2020 - 22:46:33.45 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\advapi32.dll

13/2/2020 - 22:46:33.45 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\advapi32.dll

13/2/2020 - 22:46:33.45 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemprox.dll

13/2/2020 - 22:46:33.45 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemprox.dll

13/2/2020 - 22:46:33.68 4

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wmiutils.dll

13/2/2020 - 22:46:33.68 4

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wmiutils.dll

13/2/2020 - 22:46:34.29 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemsvc.dll

13/2/2020 - 22:46:34.29 3

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemsvc.dll

13/2/2020 - Ope

1

4 C:\mal

(35)

22:46:34.76 2

n 8

0

ware.e xe

C:\Windows\SysWOW64\wbem\fastprox.dll

13/2/2020 - 22:46:34.76 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\fastprox.dll

13/2/2020 - 22:46:34.76 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\NTDSAPI.dll

13/2/2020 - 22:46:34.76 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\ntdsapi.dll

13/2/2020 - 22:46:34.76 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\ntdsapi.dll

13/2/2020 - 22:46:35.32 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\SXS.DLL

13/2/2020 - 22:46:35.32 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\sxs.dll

13/2/2020 - 22:46:35.32 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\sxs.dll

13/2/2020 - 22:46:35.32 5

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 Rea

1

4 C:\mal

ware.e C:\Windows\SysWOW64\wbem\wbemdisp.tlb

(36)

2 d 8 0

xe

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 Rea

1

4 C:\mal

ware.e C:\Windows\SysWOW64\wbem\wbemdisp.tlb

(37)

2 d 8 0

xe

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e

xe C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\wbem\wbemdisp.tlb

13/2/2020 - 22:46:35.37 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 Rea

d 1 4 8

C:\mal

ware.e C:\Windows\SysWOW64\stdole2.tlb

(38)

2 0 xe

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:35.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:36.26 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Monitor\winmgmts:\root\SecurityCenter2

13/2/2020 - 22:46:36.26 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Monitor\winmgmts:\root\SecurityCenter2

13/2/2020 - 22:46:36.26 2

Ope n

1 4 8

C:\mal ware.e xe

C:\Monitor\winmgmts:\root\SecurityCenter2

(39)

0

13/2/2020 - 22:46:38.87 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.87 2

Ope n

1 4 8 0

C:\mal ware.e

xe C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.87 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\webio.dll

13/2/2020 - 22:46:38.87 2

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\webio.dll

13/2/2020 - 22:46:38.91 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

(40)

0

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

(41)

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

(42)

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e

xe C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\winhttp.dll

13/2/2020 - 22:46:38.91 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

1

(43)

13/2/2020 - 22:46:38.91 8

Rea d

4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\stdole2.tlb

13/2/2020 - 22:46:38.91 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui

1

(44)

13/2/2020 - 22:46:38.91 8

Ope n

4 8 0

C:\mal ware.e xe

C:\credssp.dll

13/2/2020 - 22:46:38.91 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\credssp.dll

13/2/2020 - 22:46:38.91 8

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\credssp.dll

13/2/2020 - 22:46:39.34 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\Fonts\StaticCache.dat

13/2/2020 - 22:46:39.34 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\Fonts\StaticCache.dat StaticCache.dat

13/2/2020 - 22:46:39.34 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\imageres.dll

13/2/2020 - 22:46:39.34 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\imageres.dll

13/2/2020 - 22:46:39.34 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\imageres.dll

13/2/2020 - 22:46:39.34 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\pt-BR\imageres.dll.mui

13/2/2020 - 22:46:39.34 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\System32\pt-BR\imageres.dll.mui

13/2/2020 - 22:46:39.34 0

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\pt\imageres.dll.mui

1

(45)

13/2/2020 - 22:46:39.34 0

Ope n

4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\en-US\imageres.dll.mui

13/2/2020 - 22:46:39.34 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\en-US\imageres.dll.mui imageres.dll.mui

13/2/2020 - 22:46:39.35 6

Ope n

1 4 8 0

C:\mal ware.e

xe C:\Windows\SysWOW64\ole32.dll

13/2/2020 - 22:46:39.35 6

Ope n

1 4 8 0

C:\mal ware.e xe

C:\Windows\SysWOW64\ole32.dll

Process Trace

Analysis

Reason Timeout

Status Successfully Executed

Results 1

Registry Trace

Timestamp | Operation | PID | Process | Key | Value
13/2/2020 - 22:46:29.106 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
13/2/2020 - 22:46:29.106 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
13/2/2020 - 22:46:29.106 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
13/2/2020 - 22:46:29.106 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
13/2/2020 - 22:46:29.106 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
13/2/2020 - 22:46:29.106 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
13/2/2020 - 22:46:29.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
13/2/2020 - 22:46:29.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
13/2/2020 - 22:46:29.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
13/2/2020 - 22:46:29.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/2/2020 - 22:46:29.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/2/2020 - 22:46:29.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/2/2020 - 22:46:29.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
13/2/2020 - 22:46:30.731 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/2/2020 - 22:46:30.731 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/2/2020 - 22:46:30.731 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/2/2020 - 22:46:30.731 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary

Created Identified: True
