Report #10665

Binary
DLL
False
Size
192.00KB
trid
88.6% Win32 Executable Microsoft Visual Basic 6
4.8% Win32 Executable
2.1% OS/2 Executable
2.1% Generic Win/DOS Executable
2.1% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
f09b1fdcc8258a06fa58858c0b84a9b7
sha1
df5da80716d23da56161848528a0451709ff6316
crc32
0x63a6d84f
sha224
0514be237d05c9f131f22d0e32a4079d72dfddb1b8fae2b3ce5e2c5c
sha256
ab48efe93d487cabcadf35c45354faa7d63e07b247b6ab763e96255987dcceb9
sha384
6d2803d95565e2cbc71ac742ba0dc142b8aa368495de8a233bf6c5db2bbaa7263202428cb74bcb6c9e2ddff184e45811
sha512
e43a7fac618a1cbf66e47540388b2a5e47e14509ee8fbfca5423b5591f285f4a129589307440c723e07ac9100f95a6fc7dc421fcb4dc892380f2e81563a66f31
ssdeep
1536:DAwLgtUmHCQmH99Ex58F8lD0/se6Fy0FRYCa4IZRK5jKgvghsyoLSC:swrcCQFaKlAUvwdIIZIsgI2yoz
Community
Google
False
HashLib
False
YARA
Matches
Microsoft_Visual_Basic_v50_additional, domain, HasRichSignature, contentis_base64, IsPE32, Microsoft_Visual_Basic_v50, Microsoft_Visual_Basic_v50_v60, Microsoft_Visual_Basic_v50v60_additional, Microsoft_Visual_Basic_v50v60, SEH__vba, IsWindowsGUI

Suspicious
True

Strings
List
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
RUPE.exe
Ingenerated
Undenoted
Badmintonketsjerne9
EVENT_SINK_QueryInterface
VBA6.DLL
__vbaUI1I2
__vbaUI1I2
__vbaLateMemCall
__vbaLateMemCall
__vbaNew2
__vbaFpI4
__vbaNew2
__vbaFpI4
__vbaUI1Str
__vbaUI1Str
__vbaObjSetAddref
__vbaObjSetAddref
_adj_fdivr_m16i
_adj_fdivr_m32i
__vbaFpCDblR8
__vbaFpCDblR8
__vbaFreeVarList
__vbaFreeVarList
_adj_fdiv_m16i
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_m32
__vbaVarTstNe
__vbaVarTstNe
EVENT_SINK_AddRef
1.00.0006
1.00.0006
__vbaStrMove
__vbaFreeStr
__vbaFreeObj
__vbaVarMove
__vbaFreeVar
__vbaStrMove
__vbaVarMove
__vbaFreeVar
__vbaFreeStr
__vbaFreeObj
EVENT_SINK_Release
__vbaVarDup
__vbaVarDup
MSVBVM60.DLL
MSVBVM60.DLL
_adj_fprem1
_adj_fdivr_m64
_adj_fdivr_m32
__vbaLenBstrB
__vbaLenBstrB
__vbaStrCopy
__vbaStrCopy
__vbaStrCmp
__vbaStrCat
__vbaStrCat
__vbaStrCmp
MEGALICHT
MEGALICHT
__vbaChkstk
PROOFREAD
Ethmofrontal6
_adj_fprem
CATALEPTICALLY
_adj_fptan
_adj_fpatan
Seicento8
Seicento8
HEXACHLOROCYCLOHEXANE
APPROVABLENESS
Sykofant6
LUFTGENER
Dobbeltbilletten6
Unsynchronizeds6
ELECTROGRAPH
FROKOSTAVIS
Ischocholia1
HEJRERNESP
OXYOSPHRE
OXYOSPHRE
NONENTHUSIASTIC
Preshelter6
Suprafine9
Priceless7
Arbejdsbesparelse1
Comments
Bvendesu4
Humusvid9
Busuutif2
Surmiser7
Puxysemi4
Surmiser7
Humusvid9
Toxaemia4
Bvendesu4
Sageship6
Puxysemi4

Foremost
Matches
0.exe, 192 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: MSVBVM60.DLL, VBA6.DLL
hasFiles: True
Suspicious: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 8192
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 4096
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 251206
Suspicious: False

Sections
Allowed: .text, .data, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: False
Suspicious: 4
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 5612
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: msvbvm60.dll
hasLibs: True
Suspicious: vba6.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2009-12-13 22:34:27
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual Basic v5.0 - v6.0, Microsoft Visual Basic v5.0

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 19

pushpopmath
.text: 4

garbagebytes
.text: 17

hookdetection
.text: 3

software breakpoint
.text: 1

programcontrolflowchange
.text: 17

cpuinstructionsresultscomparison
.rsrc: 2
.text: 16

AVclass
gamarue
1
VirusTotal
md5
f09b1fdcc8258a06fa58858c0b84a9b7
sha1
df5da80716d23da56161848528a0451709ff6316
SCANS (DETECTION RATE = 68.06%)
AVG
result: Win32:Trojan-gen
update: 20200426
version: 18.4.3895.0
detected: True

CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=85)
update: 20200427
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200425
version: 6.15
detected: True

Bkav
update: 20200425
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 005654121 )
update: 20200427
version: 11.104.33905
detected: True

ALYac
result: Trojan.GenericKD.33713752
update: 20200427
version: 1.1.1.5
detected: True

Avast
result: Win32:Trojan-gen
update: 20200426
version: 18.4.3895.0
detected: True

Avira
result: TR/Injector.gcybv
update: 20200427
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
result: W32/VBInject.ADJ.gen!Eldorado
update: 20200427
version: 6.2.2.2
detected: True

DrWeb
result: Trojan.DownLoader33.36001
update: 20200427
version: 7.0.46.3050
detected: True

GData
result: Win32.Trojan-Downloader.Dagurleo.J96FBA
update: 20200427
version: A:25.25517B:26.18521
detected: True

Panda
result: Trj/GdSda.A
update: 20200426
version: 4.6.4.2
detected: True

VBA32
update: 20200424
version: 4.3.0
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200427
version: 83284
detected: True

Zoner
update: 20200426
version: 0.0.0.0
detected: False

ClamAV
result: Win.Trojan.Generic-7683933-0
update: 20200426
version: 0.102.2.0
detected: True

Comodo
result: Malware@#3gcql1fiq8ell
update: 20200426
version: 32373
detected: True

F-Prot
result: W32/VBInject.ADJ.gen!Eldorado
update: 20200427
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.VB.Crypt
update: 20200426
version: 0.1.5.2
detected: True

McAfee
result: Fareit-FSL!F09B1FDCC825
update: 20200427
version: 6.0.6.653
detected: True

Rising
result: Backdoor.Androm!8.113 (CLOUD)
update: 20200427
version: 25.0.0.24
detected: True

Sophos
result: Mal/Generic-S
update: 20200427
version: 4.98.0
detected: True

Yandex
update: 20200426
version: 5.5.2.24
detected: False

Zillya
update: 20200424
version: 2.0.0.4077
detected: False

Acronis
result: suspicious
update: 20200422
version: 1.1.1.75
detected: True

Alibaba
result: Backdoor:Win32/Androm.521ea75d
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D2026E58
update: 20200427
version: 1.0.0.871
detected: True

Cylance
result: Unsafe
update: 20200427
version: 2.3.1.101
detected: True

Endgame
update: 20200226
version: 3.0.17
detected: False

FireEye
update: 20200316
version: 32.31.0.0
detected: False

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True

TACHYON
update: 20200427
version: 2020-04-27.01
detected: False

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200427
version: 1.0.0.1
detected: True

ViRobot
update: 20200426
version: 2014.3.20.0
detected: False

Webroot
result: W32.Malware.Gen
update: 20200427
version: 1.0.0.403
detected: True

eGambit
result: Unsafe.AI_Score_81%
update: 20200427
detected: True

Ad-Aware
result: Trojan.GenericKD.33713752
update: 20200427
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.Multi.Generic.4!c
update: 20200427
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.33713752 (B)
update: 20200427
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/Injector.gcybv
update: 20200427
version: 12.0.86.52
detected: True

Fortinet
result: W32/GenKryptik.EIZG!tr
update: 20200427
version: 6.2.142.0
detected: True

Invincea
update: 20200407
version: 6.3.6.26157
detected: False

Jiangmin
update: 20200426
version: 16.0.100
detected: False

Kingsoft
update: 20200427
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200427
version: 1.0
detected: True

Trapmine
result: suspicious.low.ml.score
update: 20200123
version: 3.2.22.914
detected: True

AhnLab-V3
result: Trojan/Win32.VBKrypt.R333878
update: 20200427
version: 3.17.5.27267
detected: True

Antiy-AVL
result: Trojan[Backdoor]/Win32.Androm
update: 20200427
version: 3.0.0.1
detected: True

Kaspersky
result: Backdoor.Win32.Androm.tzgf
update: 20200427
version: 15.0.1.13
detected: True

MaxSecure
update: 20200425
version: 1.0.0.1
detected: False

Microsoft
result: Trojan:Win32/Tiggre!rfn
update: 20200427
version: 1.1.16900.4
detected: True

Qihoo-360
result: Win32/Backdoor.f45
update: 20200427
version: 1.0.0.1120
detected: True

ZoneAlarm
result: Backdoor.Win32.Androm.tzgf
update: 20200427
version: 1.0
detected: True

Cybereason
update: 20190616
version: 1.2.449
detected: False

ESET-NOD32
result: a variant of Win32/Injector.ELOZ
update: 20200427
version: 21231
detected: True

TrendMicro
result: TROJ_FRS.VSNTDO20
update: 20200427
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.33713752
update: 20200427
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_80% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
update: 20200407
version: 11.102.33708
detected: False

SentinelOne
update: 20200406
version: 2.1.0.89
detected: False

Avast-Mobile
update: 20200424
version: 200424-00
detected: False

Malwarebytes
result: Trojan.GuLoader
update: 20200427
version: 3.6.4.335
detected: True

TotalDefense
update: 20200426
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200427
version: 14.00
detected: False

NANO-Antivirus
update: 20200427
version: 1.0.134.25032
detected: False

BitDefenderTheta
result: Gen:NN.ZevbaCO.34106.mm0@aufGM!gi
update: 20200408
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.33713752
update: 20200427
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200424
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Fareit-FSL!F09B1FDCC825
update: 20200426
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TROJ_FRS.VSNTDO20
update: 20200427
version: 10.0.0.1040
detected: True

total
72
sha256
ab48efe93d487cabcadf35c45354faa7d63e07b247b6ab763e96255987dcceb9
scan_id
ab48efe93d487cabcadf35c45354faa7d63e07b247b6ab763e96255987dcceb9-1587961464
resource
f09b1fdcc8258a06fa58858c0b84a9b7
positives
49
scan_date
2020-04-27 04:24:24
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
24/6/2020 - 11:45:42.637Open1480C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 11:45:42.637Open1480C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 11:45:42.731Open1480C:\malware.exeC:\VERSION.DLL
24/6/2020 - 11:45:42.731Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 11:45:42.731Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 11:45:42.731Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:45:42.731Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:45:42.731Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:45:42.731Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:14.309Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.137Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.184Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.231Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.278Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.325Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.372Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.418Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.465Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.512Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.559Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.606Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.653Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.700Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.747Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.793Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.840Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.887Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.934Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:25.981Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.28Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.75Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.122Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.168Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.215Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.262Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.309Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.356Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.403Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.450Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.497Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.543Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.590Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.637Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.684Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.731Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.778Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.825Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.872Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.918Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:26.965Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.12Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.59Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.106Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.153Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.200Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.247Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.293Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.340Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.387Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.418Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:27.465Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:35.559Open1480C:\malware.exeC:\ProgramData\qemu-ga\qga.state
24/6/2020 - 11:46:35.559Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.559Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.559Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.559Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.559Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.559Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 11:46:35.559Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 11:46:35.575Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.575Open1480C:\malware.exeC:\Windows\SysWOW64\msvbvm60.dll
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Users
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\Users
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Reth
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Reth
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
24/6/2020 - 11:46:35.622Read2432C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
24/6/2020 - 11:46:35.622Open2432C:\malware.exe\Device\HarddiskVolume2
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Monitor
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Monitor
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Monitor
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Monitor\Malware
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Monitor\Malware
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Monitor\Malware
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\Fonts
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\Fonts
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\Fonts
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\Globalization
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\Globalization
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\Globalization
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\System32
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\System32
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\System32
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 11:46:35.622Open2432C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 11:46:35.622Unknown2432C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 11:46:35.622Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
24/6/2020 - 11:46:35.622Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\apisetschema.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\oleaut32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\oleaut32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\msvbvm60.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\msvbvm60.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\Fonts\StaticCache.dat
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 11:46:35.637Read2432C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 11:46:35.637Read2432C:\malware.exeC:\Windows\SysWOW64\msvbvm60.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\oleaut32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 11:46:35.637Unknown2432C:\malware.exe\Device\HarddiskVolume2
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 11:46:35.637Open2432C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 11:46:35.653Open2432C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 11:46:35.653Open2432C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 11:46:35.653Open2432C:\malware.exeC:\Windows\System32\wow64log.dll
24/6/2020 - 11:46:35.653Open2432C:\malware.exeC:\Windows
24/6/2020 - 11:46:35.653Unknown2432C:\malware.exeC:\Windows
24/6/2020 - 11:46:35.653Open2432C:\malware.exeC:\Monitor
24/6/2020 - 11:46:35.653Open2432C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 11:46:35.653Open2432C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 11:46:35.653Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 11:46:35.653Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 11:46:35.653Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:46:35.653Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:46:35.668Open2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:35.668Open2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:35.668Open2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:35.668Open2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:35.668Open2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:35.668Open2432C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:46:37.528Open2432C:\malware.exeC:\ProgramData\qemu-ga\qga.state
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 11:46:37.543Unknown2432C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\
24/6/2020 - 11:46:37.543Unknown2432C:\malware.exeC:\
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.543Unknown2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.543Unknown2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 11:46:37.543Unknown2432C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 11:46:37.543Unknown2432C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Reth
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:37.543Read2432C:\malware.exeC:\malware.exe
24/6/2020 - 11:46:37.543Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:46:37.590Write2432C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:46:37.590Unknown2432C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:46:37.590Open2432C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 11:46:37.590Unknown2432C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 11:46:37.590Open2432C:\malware.exeC:\Monitor
24/6/2020 - 11:46:37.590Unknown2432C:\malware.exeC:\Monitor
24/6/2020 - 11:46:37.590Open2432C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 11:46:37.590Open2432C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 11:46:37.590Open2432C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 11:46:37.590Open2432C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:46:37.637Unknown2432C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\PROPSYS.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\malware.exe.Local
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:46:37.637Unknown2432C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\WindowsShell.Manifest
24/6/2020 - 11:46:37.637Unknown2432C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
24/6/2020 - 11:46:37.637Read2432C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\System32\propsys.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 11:46:37.637Open2432C:\malware.exeC:\Windows\System32\propsys.dll
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\desktop.ini
24/6/2020 - 11:46:37.747Read2432C:\malware.exeC:\Users\desktop.ini
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
24/6/2020 - 11:46:37.747Read2432C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
24/6/2020 - 11:46:37.747Read2432C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
24/6/2020 - 11:46:37.747Read2432C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
24/6/2020 - 11:46:37.747Read2432C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
24/6/2020 - 11:46:37.747Read2432C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Unknown2432C:\malware.exeC:\Users\Behemot
24/6/2020 - 11:46:37.747Open2432C:\malware.exeC:\Users\Behemot\Music\desktop.ini
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\ntdll.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64win.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64cpu.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\kernel32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\user32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\msvbvm60.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\user32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\oleaut32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\version.dll
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat\Device\HarddiskVolume2
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64win.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64win.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64cpu.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64cpu.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\System32\wow64log.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows
24/6/2020 - 11:47:0.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Monitor
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:47:0.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 11:47:0.309Open2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 11:47:0.309Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 11:47:0.309Open2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\
24/6/2020 - 11:47:0.309Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\
24/6/2020 - 11:47:0.309Open2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users
24/6/2020 - 11:47:0.309Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users
24/6/2020 - 11:47:0.309Open2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:0.309Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:0.309Open2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData
24/6/2020 - 11:47:0.309Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData
24/6/2020 - 11:47:0.309Open2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:0.309Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:0.309Open2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth
24/6/2020 - 11:47:0.606Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows
24/6/2020 - 11:47:0.606Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Monitor
24/6/2020 - 11:47:0.606Unknown2820C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\Fonts\StaticCache.datStaticCache.dat
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\ProgramData\qemu-ga\qga.state
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 11:47:2.137Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\
24/6/2020 - 11:47:2.137Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users
24/6/2020 - 11:47:2.137Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.137Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData
24/6/2020 - 11:47:2.137Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:2.137Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\version.DLL
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\version.dll
24/6/2020 - 11:47:2.137Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\version.dll
24/6/2020 - 11:47:2.200Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\Secur32.dll
24/6/2020 - 11:47:2.200Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\secur32.dll
24/6/2020 - 11:47:2.200Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\secur32.dll
24/6/2020 - 11:47:2.200Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 11:47:2.200Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 11:47:2.200Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 11:47:2.200Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 11:47:2.200Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\api-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 11:47:2.200Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 11:47:2.200Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 11:47:2.200Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 11:47:2.200Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 11:47:2.247Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
24/6/2020 - 11:47:2.247Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 11:47:2.247Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 11:47:2.247Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\webio.dll
24/6/2020 - 11:47:2.247Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\webio.dll
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\IPHLPAPI.DLL
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\WINNSI.DLL
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\api-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 11:47:2.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 11:47:2.293Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\DNSAPI.dll
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 11:47:2.293Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 11:47:2.340Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 11:47:2.340Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 11:47:2.340Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 11:47:2.340Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 11:47:2.387Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 11:47:2.387Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 11:47:2.434Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\netprofm.dll
24/6/2020 - 11:47:2.434Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\netprofm.dll
24/6/2020 - 11:47:2.434Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\nlaapi.dll
24/6/2020 - 11:47:2.434Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\nlaapi.dll
24/6/2020 - 11:47:2.481Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\dhcpcsvc6.DLL
24/6/2020 - 11:47:2.481Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 11:47:2.481Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
24/6/2020 - 11:47:2.481Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 11:47:2.481Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
24/6/2020 - 11:47:2.528Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\dhcpcsvc.DLL
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 11:47:2.528Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\CRYPTSP.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\RpcRtRemote.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 11:47:2.543Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 11:47:2.543Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 11:47:2.543Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 11:47:2.606Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\rasadhlp.dll
24/6/2020 - 11:47:2.606Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rasadhlp.dll
24/6/2020 - 11:47:2.606Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\rasadhlp.dll
24/6/2020 - 11:47:2.606Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 11:47:2.606Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 11:47:2.668Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\npmproxy.dll
24/6/2020 - 11:47:2.668Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\npmproxy.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wininet.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat.Local
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:47:2.778Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\WindowsShell.Manifest
24/6/2020 - 11:47:2.778Unknown1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\ws2_32.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\ws2_32.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 11:47:2.778Open1764C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.batC:\Windows\SysWOW64\wshqos.dll

Process
Trace
24/6/2020 - 11:46:35.559 | Create | 1480 | C:\malware.exe | 2432 | C:\malware.exe
24/6/2020 - 11:46:37.981 | Create | 2432 | C:\malware.exe | 2820 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:46:38.75 | Terminate | 1480 | C:\malware.exe | 2432 | C:\malware.exe
24/6/2020 - 11:47:0.215 | Create | 2820 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat
24/6/2020 - 11:47:0.606 | Terminate | 2432 | C:\malware.exe | 2820 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
24/6/2020 - 11:46:35.637 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce | Judicious5
24/6/2020 - 11:46:37.809 | Write | 2432 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 11:46:37.809 | Write | 2432 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 11:46:37.809 | Write | 2432 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 11:46:37.809 | Write | 2432 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 11:46:37.809 | Write | 2432 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 11:46:37.809 | Write | 2432 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 11:46:37.809 | Write | 2432 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 11:46:37.809 | Write | 2432 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 11:47:0.309 | Write | 2820 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce | Judicious5
24/6/2020 - 11:47:2.293 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
24/6/2020 - 11:47:2.293 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
24/6/2020 - 11:47:2.293 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
24/6/2020 - 11:47:2.293 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
24/6/2020 - 11:47:2.293 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
24/6/2020 - 11:47:2.293 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
24/6/2020 - 11:47:2.528 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
24/6/2020 - 11:47:2.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
24/6/2020 - 11:47:2.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
24/6/2020 - 11:47:2.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
24/6/2020 - 11:47:2.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
24/6/2020 - 11:47:4.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 11:47:4.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 11:47:4.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 11:47:4.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 11:47:4.668 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 11:47:4.684 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
24/6/2020 - 11:47:4.684 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE | Blob
24/6/2020 - 11:47:4.684 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
24/6/2020 - 11:47:4.684 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE | Blob
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
24/6/2020 - 11:47:5.200 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
24/6/2020 - 11:47:5.200 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
24/6/2020 - 11:47:5.200 | Write | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
24/6/2020 - 11:47:5.200 | Delete | 1764 | C:\Users\Behemot\AppData\Local\Temp\Reth\nedkulre.bat | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:50273: drive.google.com.
localhost -> gateway:DNS: drive.google.com.
localhost -> gateway:DNS: ocsp.pki.goog.

Response
gateway:DNS -> localhost: drive.google.com. = 172.217.30.110
gateway:DNS -> localhost: ocsp.pki.goog. = 216.58.202.3


TCP
Info

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:68 -> 255.255.255.255:67
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:53 -> localhost:50273

HTTP
Info
localhost: GET ocsp.pki.goog /gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFb63M0OvvAcCAAAAABDVec%3D
localhost: GET ocsp.pki.goog /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 84.53%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 72.46%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 71.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 93.51%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
