Report #10757

Binary
DLL
False
Size
100.00KB
trid
82.7% Win32 Executable Microsoft Visual Basic 6
6.6% Win32 Dynamic Link Library
4.5% Win32 Executable
2.0% OS/2 Executable
2.0% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
57840469d4245d18e860dbf076b050bf
sha1
e4a158e620709a5a580b55ea9511f0e16f9c5979
crc32
0xa5b58064
sha224
52a4804310a2d0dcbeefb81ef9502bc5b711bfaa020c4e0ae934e666
sha256
66b739f45f7fe7f1df837a8ddbe8f2f48ba67af8c241273d00e0c890fcc9f312
sha384
86ae93ba550bc99f808bdcbc2733cced1685e71982832659613c241c9b97583fc8ae9068bc6dbb849bc6539e0f71338b
sha512
16e0f47f26d689f99ab0d56cea313191bd5842c8eb0eb61bd561bb24a56e92aea286ac8af7e3942f151ed83985b406c4f9434d0b898bbf2230cc8d01e272548f
ssdeep
1536:3YgdxhoHtv3mYiMopb+StdV0o1bcaeMFWTkMaH:NhUtPmoosYV0m7H
Community
Google
False
HashLib
False
YARA
Matches
Microsoft_Visual_Basic_v50_additional, domain, HasRichSignature, contentis_base64, IsPE32, Microsoft_Visual_Basic_v50, Microsoft_Visual_Basic_v50_v60, Microsoft_Visual_Basic_v50v60_additional, Microsoft_Visual_Basic_v50v60, SEH__vba, IsWindowsGUI

Suspicious
True

Strings
List
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
FORBANDS.exe
EVENT_SINK_QueryInterface
VBA6.DLL
__vbaVarLateMemCallLd
__vbaVarLateMemCallLd
__vbaI2I4
__vbaI2I4
__vbaFpI4
__vbaNew2
__vbaNew2
__vbaFpI4
__vbaUI1Str
__vbaUI1Str
__vbaR8Str
__vbaR8Sgn
__vbaR8Str
__vbaR8Sgn
__vbaObjSetAddref
__vbaObjSetAddref
_adj_fdivr_m32i
_adj_fdivr_m16i
__vbaFreeStrList
__vbaFreeVarList
__vbaFreeVarList
__vbaFreeStrList
__vbaFpR8
__vbaFpR8
_adj_fdiv_m16i
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_m32
__vbaVarTstNe
__vbaVarTstNe
EVENT_SINK_AddRef
__vbaStrMove
__vbaFreeObj
__vbaCastObj
__vbaStrMove
__vbaFreeVar
__vbaCastObj
__vbaVarMove
__vbaFreeStr
__vbaFreeStr
__vbaFreeVar
__vbaVarMove
__vbaFreeObj
EVENT_SINK_Release
__vbaVarDup
__vbaVarDup
__vbaObjSet
__vbaObjSet
MSVBVM60.DLL
MSVBVM60.DLL
_adj_fprem1
_adj_fdivr_m32
_adj_fdivr_m64
__vbaCyStr
__vbaCyStr
[O.NM||
6Sh/qeU
__vbaFpCmpCy
__vbaFpCmpCy
__vbaStrCopy
__vbaStrCopy
__vbaStrCat
__vbaStrCat
__vbaStrCmp
__vbaStrCmp
__vbaChkstk
_adj_fprem
Yat6V7xs182
_adj_fptan
_adj_fpatan
tr9=dtA
Impersp8
Comments
LATTERBRLE
Bedeadvks3
Bedeadvks3
Salgsafgi2
Salgsafgi2
Vinylen6
SKAMPLETTE
_adj_fdiv_r
Hypermet3
Nedrustnin2
Nedrustnin2
Nedrustnin2
Nedrustnin2
CompanyName
APPRETER
APPRETER
ENGIRTEXU
ENAMORATO
PARABOLEN
ENAMORATO
FELLANIMO
ENGIRTEXU
BIAVLERNE

Foremost
Matches
0.exe, 100 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

Files
hasFiles: True
Allowed: MSVBVM60.DLL, VBA6.DLL
Suspicious: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 8192
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 4096
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 106785
Suspicious: False

Sections
Allowed: .text, .data, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: False
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 4932
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
hasLibs: True
Allowed: msvbvm60.dll
Suspicious: vba6.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2014-03-29 04:51:14
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual Basic v5.0, Microsoft Visual Basic v5.0 - v6.0

Obfuscation
XOR: False
Fuzzing: False
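The Binary block above is a set of PE header checks. As an added example (not the report generator's code and not the sample), the Python below parses the same PE32 header fields with nothing but struct and evaluates the same checks: DLL flag, word size, subsystem, code and header sizes, image base, data-directory count, COFF symbol table, checksum, section names, OS/image/linker/subsystem versions, entry point and timestamp. build_sample_pe() fabricates a minimal PE32 whose header values are the ones reported for this sample (entry point 4932, image base 4194304, code size 8192, checksum 106785, linker 6.0, timestamp 2014-03-29 04:51:14, sections .text/.data/.rsrc) so the checks can be exercised offline; it is a constructed stand-in, not the sample itself. COMMON_SECTIONS and the 1993 lower bound for a plausible build time are this example's own choices.

```python
"""Added example, not the report generator's code: the PE32 header checks behind the
Binary block, done with struct alone (no pefile).  build_sample_pe() fabricates a
minimal PE32 carrying the header values this report shows, so the checks run offline;
it is a constructed stand-in, not the sample.  COMMON_SECTIONS and the 1993 lower
bound for a plausible build time are this example's own choices."""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
COMMON_SECTIONS = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata", ".bss", ".tls"}

COFF_FMT = "<HHIIIHH"                                            # IMAGE_FILE_HEADER, 20 bytes
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6  # PE32 optional header, 96 bytes, no data dirs
SECT_FMT = "<8sIIIIIIHHI"                                        # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe():
    """Minimal PE32 (constructed) with the header values this report shows."""
    ts = calendar.timegm((2014, 3, 29, 4, 51, 14))                 # 2014-03-29 04:51:14 UTC
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)              # e_lfanew -> 0x40
    coff = struct.pack(COFF_FMT, 0x14C, 3, ts, 0, 0, 224, 0x010F)  # i386, 3 sections, no COFF symbols, EXE not DLL
    opt = struct.pack(OPT_FMT,
        0x10B, 6, 0,                                 # PE32 magic, linker 6.0
        8192, 8192, 0, 4932, 0x1000, 0x3000,         # SizeOfCode, init/uninit data, entry point, BaseOfCode/Data
        0x400000, 0x1000, 0x1000,                    # ImageBase 4194304, section and file alignment
        4, 0, 4, 0, 4, 0,                            # OS 4.0, image 4.0, subsystem 4.0
        0, 0x5000, 4096, 106785,                     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                                        # Subsystem = Windows GUI, DllCharacteristics
        0x100000, 4096, 0x100000, 0x1000, 0, 16)     # stack/heap reserve+commit, LoaderFlags, 16 directories
    dirs = b"\0" * 128                                             # 16 empty IMAGE_DATA_DIRECTORY entries
    sects = b"".join(struct.pack(SECT_FMT, n, vs, va, vs, va, 0, 0, 0, 0, ch) for n, vs, va, ch in [
        (b".text", 8192, 0x1000, 0x60000020),                      # code: execute | read
        (b".data", 4096, 0x3000, 0xC0000040),
        (b".rsrc", 4096, 0x4000, 0x40000040),
    ])
    return dos + b"PE\0\0" + coff + opt + dirs + sects


def pe_heuristics(data, now=None):
    """Parse the headers of a PE image and return the flags the Binary block reports."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    _machine, nsect, ts, symptr, nsyms, optsize, chars = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    o = struct.unpack_from(OPT_FMT, data, opt_off)
    magic, lnk_major, lnk_minor, size_of_code, _, _, aep, _, _, image_base = o[:10]
    os_major, _, img_major, _, sub_major, sub_minor = o[12:18]
    size_of_headers, checksum, subsystem = o[20], o[21], o[22]
    stack_commit, ndirs = o[25], o[29]
    sect_off = opt_off + optsize
    sections = [struct.unpack_from(SECT_FMT, data, sect_off + i * 40) for i in range(nsect)]
    names = [s[0].rstrip(b"\0").decode("ascii", "replace") for s in sections]
    # the entry point must land inside a section, and that section must be executable
    entry = next(((n, s) for n, s in zip(names, sections) if s[2] <= aep < s[2] + max(s[1], s[3])), None)
    now = now or datetime.now(timezone.utc)
    built = datetime.fromtimestamp(ts, timezone.utc)
    return {
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "wordsize": 32 if magic == 0x10B else 64,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": size_of_code, "image_base": image_base,
        "headers_size": size_of_headers, "stack_commit": stack_commit, "rva_count": ndirs,
        "symbols": nsyms, "symbol_pointer": symptr,
        # the report flags a zero count/pointer; release builds almost never carry a
        # COFF symbol table, so on its own this is weak evidence
        "symbols_suspicious": nsyms == 0 and symptr == 0,
        "checksum": checksum, "checksum_missing": checksum == 0,
        "sections": names,
        "unusual_sections": [n for n in names if n not in COMMON_SECTIONS],
        "os_version": os_major, "image_version": img_major,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "subsystem_version": f"{sub_major}.{sub_minor}",
        "entry_point": aep,
        "entry_section": entry[0] if entry else None,
        "entry_in_code": bool(entry and entry[1][9] & IMAGE_SCN_MEM_EXECUTE),
        "timestamp": built.strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_future": built > now,
        "timestamp_valid": datetime(1993, 1, 1, tzinfo=timezone.utc) <= built <= now,
    }


if __name__ == "__main__":
    for key, value in pe_heuristics(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Two caveats a practitioner would want here: the report marks a zero symbol count and symbol pointer as suspicious, but release builds almost never carry a COFF symbol table, so that flag alone says very little; and a non-zero checksum field is only reported, not verified, so the real check is recomputing the PE checksum over the file and comparing. The entry-point test above checks that the address falls in an executable section, which is the property that matters rather than the value 4932 itself.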

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.text: 22

nopsequence
.text: 7

pushpopmath
.text: 3

garbagebytes
.text: 16

programcontrolflowchange
.text: 16

cpuinstructionsresultscomparison
.rsrc: 2
.text: 2

AVclass
gamarue
1
VirusTotal
md5
57840469d4245d18e860dbf076b050bf
sha1
e4a158e620709a5a580b55ea9511f0e16f9c5979
SCANS (DETECTION RATE = 79.71%)
Engine | Detected | Result | Version | Update
CMC | False | - | 2.7.2019.1 | 20200615
MAX | False | - | 2019.9.16.1 | 20200615
APEX | True | Malicious | 6.36 | 20200613
Bkav | False | - | 1.3.0.9899 | 20200615
K7GW | True | Trojan ( 005639201 ) | 11.114.34403 | 20200615
ALYac | True | Trojan.Agent.Vebzenpak | 1.1.1.5 | 20200615
Avira | True | TR/Agent.jgmz | 8.3.3.8 | 20200615
Cynet | True | Malicious (score: 85) | 4.0.0.24 | 20200615
Cyren | True | W32/Kryptik.BIF.gen!Eldorado | 6.3.0.2 | 20200615
DrWeb | True | Trojan.Siggen9.30130 | 7.0.46.3050 | 20200615
GData | True | Win32.Trojan-Downloader.Dagurleo.9AUBBT | A:25.25927B:27.19099 | 20200615
Panda | True | Trj/WLT.F | 4.6.4.2 | 20200614
VBA32 | True | BScope.Trojan.Azden | 4.4.1 | 20200615
VIPRE | True | Trojan.Win32.Generic!BT | 84484 | 20200615
Zoner | False | - | 0.0.0.0 | 20200615
ClamAV | True | Win.Dropper.Remcos-7647550-0 | 0.102.3.0 | 20200614
Comodo | True | Malware@#v2zjyfty7ykh | 32538 | 20200615
McAfee | True | Fareit-FRR!57840469D424 | 6.0.6.653 | 20200615
Rising | True | Backdoor.Androm!8.113 (KTSE) | 25.0.0.25 | 20200615
Sophos | True | Troj/Zbot-OQZ | 4.98.0 | 20200615
Yandex | False | - | 5.5.2.24 | 20200615
Zillya | True | Trojan.Androm.Win32.991 | 2.0.0.4109 | 20200612
Acronis | False | - | 1.1.1.76 | 20200603
Alibaba | True | Backdoor:Win32/Dynamer.dd8ab5b0 | 0.3.0.5 | 20190527
Arcabit | True | Trojan.Generic.D20063B2 | 1.0.0.875 | 20200615
Cylance | True | Unsafe | 2.3.1.101 | 20200615
Endgame | True | malicious (high confidence) | 4.0.5 | 20200608
FireEye | True | Trojan.GenericKD.33579954 | 32.31.0.0 | 20200615
Sangfor | True | Malware | 1.0 | 20200423
TACHYON | False | - | 2020-06-15.02 | 20200615
Tencent | True | Win32.Trojan.Inject.Auto | 1.0.0.1 | 20200615
ViRobot | True | Trojan.Win32.S.Agent.102400.CNG | 2014.3.20.0 | 20200615
Webroot | True | W32.Trojan.Gen | 1.0.0.403 | 20200615
eGambit | True | Unsafe.AI_Score_94% | - | 20200615
Ad-Aware | True | Trojan.GenericKD.33579954 | 3.0.5.370 | 20200615
AegisLab | True | Trojan.Multi.Generic.4!c | 4.2 | 20200615
Emsisoft | True | Trojan.GenericKD.33579954 (B) | 2018.12.0.1641 | 20200615
F-Secure | True | Trojan.TR/Agent.jgmz | 12.0.86.52 | 20200615
Fortinet | True | W32/GuLoader.VHHZ!tr | 6.2.142.0 | 20200615
Invincea | False | - | 6.3.6.26157 | 20200502
Jiangmin | True | Backdoor.Androm.aune | 16.0.100 | 20200615
Kingsoft | False | - | 2013.8.14.323 | 20200615
Paloalto | True | generic.ml | 1.0 | 20200615
Symantec | True | Trojan Horse | 1.11.0.0 | 20200614
Trapmine | True | suspicious.low.ml.score | 3.2.25.947 | 20200505
AhnLab-V3 | True | Malware/Win32.Generic.C4035515 | 3.18.0.10004 | 20200615
Antiy-AVL | True | GrayWare/Win32.Generic | 3.0.0.1 | 20200615
Kaspersky | True | Backdoor.Win32.Androm.txnr | 15.0.1.13 | 20200615
MaxSecure | False | - | 1.0.0.1 | 20200613
Microsoft | True | Trojan:Win32/Dynamer!rfn | 1.1.17100.2 | 20200615
Qihoo-360 | True | Win32/Backdoor.01b | 1.0.0.1120 | 20200615
ZoneAlarm | True | Backdoor.Win32.Androm.txnr | 1.0 | 20200615
Cybereason | False | - | 1.2.449 | 20190616
ESET-NOD32 | True | Win32/TrojanDownloader.Agent.EWX | 21494 | 20200615
TrendMicro | True | TROJ_GEN.R002C0DD120 | 11.0.0.1006 | 20200615
BitDefender | True | Trojan.GenericKD.33579954 | 7.2 | 20200615
CrowdStrike | True | win/malicious_confidence_100% (W) | 1.0 | 20190702
K7AntiVirus | True | Trojan ( 005639201 ) | 11.114.34402 | 20200615
SentinelOne | True | DFI - Suspicious PE | 4.3.0.105 | 20200601
Avast-Mobile | False | - | 200615-00 | 20200615
Malwarebytes | True | Trojan.GuLoader | 3.6.4.335 | 20200615
TotalDefense | False | - | 37.1.62.1 | 20200615
CAT-QuickHeal | True | Backdoor.AndromVMF.S13636113 | 14.00 | 20200615
NANO-Antivirus | True | Trojan.Win32.Androm.hjvrin | 1.0.134.25119 | 20200615
BitDefenderTheta | True | Gen:NN.ZevbaF.34128.gm0@aO3cvSei | 7.2.37796.0 | 20200609
MicroWorld-eScan | True | Trojan.GenericKD.33579954 | 14.0.409.0 | 20200615
SUPERAntiSpyware | False | - | 5.6.0.1032 | 20200612
McAfee-GW-Edition | True | Fareit-FRR!57840469D424 | v2017.3010 | 20200615
TrendMicro-HouseCall | True | TrojanSpy.Win32.FAREIT.SME.hp | 10.0.0.1040 | 20200615

total
69
sha256
66b739f45f7fe7f1df837a8ddbe8f2f48ba67af8c241273d00e0c890fcc9f312
scan_id
66b739f45f7fe7f1df837a8ddbe8f2f48ba67af8c241273d00e0c890fcc9f312-1592214068
resource
57840469d4245d18e860dbf076b050bf
positives
55
scan_date
2020-06-15 09:41:08
verbose_msg
Scan finished, information embedded
response_code
1
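The AVclass line above gives gamarue as the consensus family, and the scan results explain why: the Androm labels from Rising, Zillya, Jiangmin, Kaspersky, ZoneAlarm and NANO-Antivirus share one family token (androm is an alias of gamarue), while the many Trojan, Generic, Malicious and GenericKD labels carry no family token at all. As an added example (a simplified re-implementation of the AVclass idea, not AVclass itself and not this report's code), the Python below tokenises each vendor label, discards generic and version-like tokens, maps aliases, counts one vote per engine per family and ranks the result. SCANS is copied from the detected entries in the scan table above; GENERIC and ALIASES are this example's own short lists, not AVclass's shipped data.

```python
"""Added example: AVclass-style family vote over the vendor labels above.  A simplified
re-implementation of the idea, not AVclass and not the report's code.  SCANS is copied
from the detected engines in the scan table; GENERIC and ALIASES are this example's own
lists (assumptions), not AVclass's data files."""
import re
from collections import Counter

SCANS = [
    ("APEX", "Malicious"), ("K7GW", "Trojan ( 005639201 )"),
    ("ALYac", "Trojan.Agent.Vebzenpak"), ("Avira", "TR/Agent.jgmz"),
    ("Cynet", "Malicious (score: 85)"), ("Cyren", "W32/Kryptik.BIF.gen!Eldorado"),
    ("DrWeb", "Trojan.Siggen9.30130"), ("GData", "Win32.Trojan-Downloader.Dagurleo.9AUBBT"),
    ("Panda", "Trj/WLT.F"), ("VBA32", "BScope.Trojan.Azden"),
    ("VIPRE", "Trojan.Win32.Generic!BT"), ("ClamAV", "Win.Dropper.Remcos-7647550-0"),
    ("Comodo", "Malware@#v2zjyfty7ykh"), ("McAfee", "Fareit-FRR!57840469D424"),
    ("Rising", "Backdoor.Androm!8.113 (KTSE)"), ("Sophos", "Troj/Zbot-OQZ"),
    ("Zillya", "Trojan.Androm.Win32.991"), ("Alibaba", "Backdoor:Win32/Dynamer.dd8ab5b0"),
    ("Arcabit", "Trojan.Generic.D20063B2"), ("Cylance", "Unsafe"),
    ("Endgame", "malicious (high confidence)"), ("FireEye", "Trojan.GenericKD.33579954"),
    ("Sangfor", "Malware"), ("Tencent", "Win32.Trojan.Inject.Auto"),
    ("ViRobot", "Trojan.Win32.S.Agent.102400.CNG"), ("Webroot", "W32.Trojan.Gen"),
    ("eGambit", "Unsafe.AI_Score_94%"), ("Ad-Aware", "Trojan.GenericKD.33579954"),
    ("AegisLab", "Trojan.Multi.Generic.4!c"), ("Emsisoft", "Trojan.GenericKD.33579954 (B)"),
    ("F-Secure", "Trojan.TR/Agent.jgmz"), ("Fortinet", "W32/GuLoader.VHHZ!tr"),
    ("Jiangmin", "Backdoor.Androm.aune"), ("Paloalto", "generic.ml"),
    ("Symantec", "Trojan Horse"), ("Trapmine", "suspicious.low.ml.score"),
    ("AhnLab-V3", "Malware/Win32.Generic.C4035515"), ("Antiy-AVL", "GrayWare/Win32.Generic"),
    ("Kaspersky", "Backdoor.Win32.Androm.txnr"), ("Microsoft", "Trojan:Win32/Dynamer!rfn"),
    ("Qihoo-360", "Win32/Backdoor.01b"), ("ZoneAlarm", "Backdoor.Win32.Androm.txnr"),
    ("ESET-NOD32", "Win32/TrojanDownloader.Agent.EWX"), ("TrendMicro", "TROJ_GEN.R002C0DD120"),
    ("BitDefender", "Trojan.GenericKD.33579954"), ("CrowdStrike", "win/malicious_confidence_100% (W)"),
    ("K7AntiVirus", "Trojan ( 005639201 )"), ("SentinelOne", "DFI - Suspicious PE"),
    ("Malwarebytes", "Trojan.GuLoader"), ("CAT-QuickHeal", "Backdoor.AndromVMF.S13636113"),
    ("NANO-Antivirus", "Trojan.Win32.Androm.hjvrin"), ("BitDefenderTheta", "Gen:NN.ZevbaF.34128.gm0@aO3cvSei"),
    ("MicroWorld-eScan", "Trojan.GenericKD.33579954"), ("McAfee-GW-Edition", "Fareit-FRR!57840469D424"),
    ("TrendMicro-HouseCall", "TrojanSpy.Win32.FAREIT.SME.hp"),
]

# category / platform / confidence words that name no family (this example's own list)
GENERIC = {"trojan", "trojanspy", "trojandownloader", "troj", "backdoor", "dropper", "downloader",
           "malware", "malicious", "unsafe", "suspicious", "agent", "heur", "variant", "inject",
           "auto", "horse", "multi", "score", "confidence", "high", "grayware", "kryptik",
           "eldorado", "bscope", "virus", "worm", "riskware", "adware", "packed"}
# family aliases (this example's own list); androm is the Kaspersky-style name for gamarue
ALIASES = {"androm": "gamarue", "wauchos": "gamarue"}


def tokens(label):
    """Lower-case family candidates from one label: drop short, generic and version/hash-like tokens."""
    out = []
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        if len(tok) < 4 or tok in GENERIC or tok.startswith("generic") or any(c.isdigit() for c in tok):
            continue
        out.append(ALIASES.get(tok, tok))
    return out


def family_vote(scans):
    """Rank candidate families; each engine contributes at most one vote per family."""
    votes = Counter()
    for _engine, label in scans:
        for fam in set(tokens(label)):
            votes[fam] += 1
    return votes.most_common()


if __name__ == "__main__":
    for fam, n in family_vote(SCANS)[:5]:
        print(f"{fam}: {n}")
```

Two things to watch when doing this for real: CAT-QuickHeal's AndromVMF is not equal to androm under exact token matching, so it does not count towards gamarue here (AVclass learns such aliases from a corpus; a prefix rule would fold it in), and McAfee and McAfee-GW-Edition are one engine reporting twice, so a per-vendor vote slightly over-weights Fareit.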
File
Trace
Time | Op | PID | Process | Target | Name
24/6/2020 - 19:45:42.512 | Open | 1480 | C:\malware.exe | C:\VERSION.DLL
24/6/2020 - 19:45:42.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
24/6/2020 - 19:45:42.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
24/6/2020 - 19:45:42.512 | Open | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:45:42.512 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:45:42.512 | Open | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:45:42.512 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:45:42.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 19:45:42.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 19:45:42.512 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\sserife.fon
24/6/2020 - 19:45:42.528 | Open | 1480 | C:\malware.exe | C:\dwmapi.dll
24/6/2020 - 19:45:42.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:45:42.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:45:42.747 | Open | 1480 | C:\malware.exe |
24/6/2020 - 19:45:42.747 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
24/6/2020 - 19:45:42.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
24/6/2020 - 19:45:42.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
24/6/2020 - 19:46:0.278 | Open | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.325 | Open | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.325 | Open | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.325 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.325 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 19:46:0.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 19:46:0.325 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mfc40.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\Prefetch\MALWARE.EXE-20920919.pf
24/6/2020 - 19:46:0.418 | Read | 2476 | C:\malware.exe | C:\Windows\Prefetch\MALWARE.EXE-20920919.pf | MALWARE.EXE-20920919.pf
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | \Device\HarddiskVolume2
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Monitor
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Monitor
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Monitor
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Monitor\Malware
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Monitor\Malware
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Monitor\Malware
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\Fonts
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\Fonts
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\Fonts
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\Globalization
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\Globalization
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\Globalization
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\ntdll.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\ntdll.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\wow64.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\kernel32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\kernel32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\user32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\user32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\apisetschema.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\apisetschema.dll | apisetschema.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\KernelBase.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\KernelBase.dll | KernelBase.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\locale.nls
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\locale.nls
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\System32\mctres.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\mctres.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\user32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\user32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\lpk.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\lpk.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\usp10.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\usp10.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\cryptbase.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\cryptbase.dll | cryptbase.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\oleaut32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\oleaut32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msctf.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msctf.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msvbvm60.dll
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msvbvm60.dll
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 19:46:0.418 | Unknown | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
24/6/2020 - 19:46:0.418 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
24/6/2020 - 19:46:0.434 | Read | 2476 | C:\malware.exe | C:\Windows\System32\mctres.dll
24/6/2020 - 19:46:0.434 | Read | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msvbvm60.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\locale.nls
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\ntdll.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\wow64.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\kernel32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\user32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\System32\apisetschema.dll | apisetschema.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\KernelBase.dll | KernelBase.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\user32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\lpk.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\usp10.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\cryptbase.dll | cryptbase.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\oleaut32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msctf.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | \Device\HarddiskVolume2
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64win.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64cpu.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows\System32\wow64log.dll
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Windows
24/6/2020 - 19:46:0.434 | Unknown | 2476 | C:\malware.exe | C:\Windows
24/6/2020 - 19:46:0.434 | Open | 2476 | C:\malware.exe | C:\Monitor
24/6/2020 - 19:46:0.450 | Unknown | 1480 | C:\malware.exe | C:\Windows
24/6/2020 - 19:46:0.450 | Unknown | 1480 | C:\malware.exe | C:\Monitor
24/6/2020 - 19:46:0.450 | Unknown | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
24/6/2020 - 19:46:0.481 | Open | 2476 | C:\malware.exe | C:\MSVCRT40.dll
24/6/2020 - 19:46:0.481 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msvcrt40.dll
24/6/2020 - 19:46:0.528 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\msvcrt40.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\sechost.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\imm32.dll
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\pt-BR\malware.exe.mui
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\pt\malware.exe.mui
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\en-US\malware.exe.mui
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\en\malware.exe.mui
24/6/2020 - 19:46:0.856 | Open | 2476 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.856 | Unknown | 2476 | C:\malware.exe | C:\malware.exe
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\version.DLL
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Secur32.dll
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 19:46:0.872 | Unknown | 2476 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:0.872 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 19:46:0.872 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 19:46:0.872 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 19:46:0.872 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\IPHLPAPI.DLL
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\WINNSI.DLL
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 19:46:0.918 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 19:46:0.934 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 19:46:0.934 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 19:46:0.934 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
24/6/2020 - 19:46:0.934 | Open | 2476 | C:\malware.exe | C:\DNSAPI.dll
24/6/2020 - 19:46:0.934 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 19:46:0.934 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 19:46:0.981 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 19:46:0.981 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 19:46:0.981 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
24/6/2020 - 19:46:0.981 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
24/6/2020 - 19:46:1.28 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 19:46:1.28 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 19:46:1.75 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
24/6/2020 - 19:46:1.75 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
24/6/2020 - 19:46:1.75 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
24/6/2020 - 19:46:1.75 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
24/6/2020 - 19:46:1.122 | Open | 2476 | C:\malware.exe | C:\dhcpcsvc6.DLL
24/6/2020 - 19:46:1.122 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 19:46:1.122 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
24/6/2020 - 19:46:1.122 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 19:46:1.122 | Unknown | 2476 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 19:46:1.168 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 19:46:1.168 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 19:46:1.168 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.168 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
24/6/2020 - 19:46:1.168 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:1.168 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 19:46:1.168 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.168 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.168 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:1.184 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:1.184 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:1.184 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.184 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
24/6/2020 - 19:46:1.184 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
24/6/2020 - 19:46:1.184 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
24/6/2020 - 19:46:1.184 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 19:46:1.184 | Open | 2476 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\dhcpcsvc.DLL
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\CRYPTSP.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.184Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.200Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.200Open2476C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:46:1.200Open2476C:\malware.exeC:\RpcRtRemote.dll
24/6/2020 - 19:46:1.200Open2476C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 19:46:1.200Unknown2476C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 19:46:1.200Open2476C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 19:46:1.200Unknown2476C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 19:46:1.262Open2476C:\malware.exeC:\rasadhlp.dll
24/6/2020 - 19:46:1.262Open2476C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
24/6/2020 - 19:46:1.262Open2476C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
24/6/2020 - 19:46:1.325Open2476C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 19:46:1.325Open2476C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
24/6/2020 - 19:46:1.325Open2476C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
24/6/2020 - 19:46:1.325Open2476C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wininet.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:1.481Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\WindowsShell.Manifest
24/6/2020 - 19:46:1.481Unknown2476C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 19:46:1.481Open2476C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
24/6/2020 - 19:46:3.965Open2476C:\malware.exeC:\Windows\SysWOW64\wininet.dll
24/6/2020 - 19:46:3.965Open2476C:\malware.exeC:\Windows\SysWOW64\wininet.dll
24/6/2020 - 19:46:4.497Open2476C:\malware.exeC:\credssp.dll
24/6/2020 - 19:46:4.497Open2476C:\malware.exeC:\Windows\SysWOW64\credssp.dll
24/6/2020 - 19:46:4.497Open2476C:\malware.exeC:\Windows\SysWOW64\credssp.dll
24/6/2020 - 19:46:4.512Open2476C:\malware.exeC:\Windows\SysWOW64\schannel.dll
24/6/2020 - 19:46:4.512Open2476C:\malware.exeC:\Windows\SysWOW64\schannel.dll
24/6/2020 - 19:46:4.512Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
24/6/2020 - 19:46:4.512Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 19:46:4.512Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 19:46:4.512Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 19:46:4.512Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 19:46:4.512Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 19:46:4.512Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 19:46:4.606Open2476C:\malware.exeC:\ncrypt.dll
24/6/2020 - 19:46:4.606Open2476C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
24/6/2020 - 19:46:4.606Open2476C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
24/6/2020 - 19:46:4.622Open2476C:\malware.exeC:\bcrypt.dll
24/6/2020 - 19:46:4.622Open2476C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 19:46:4.622Open2476C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 19:46:4.622Open2476C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
24/6/2020 - 19:46:4.622Unknown2476C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
24/6/2020 - 19:46:4.622Open2476C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
24/6/2020 - 19:46:4.622Unknown2476C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
24/6/2020 - 19:46:4.637Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 19:46:4.637Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 19:46:4.637Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 19:46:4.637Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 19:46:4.637Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 19:46:4.637Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 19:46:4.653Open2476C:\malware.exeC:\GPAPI.dll
24/6/2020 - 19:46:4.653Open2476C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
24/6/2020 - 19:46:4.653Open2476C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 19:46:4.747Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 19:46:4.747Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 19:46:4.747Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
24/6/2020 - 19:46:4.747Unknown2476C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
24/6/2020 - 19:46:4.747Unknown2476C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Windows\SysWOW64\qagentrt.dll
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 19:46:4.747Open2476C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
24/6/2020 - 19:46:4.762Open2476C:\malware.exeC:\cryptnet.dll
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:4.778Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.778Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.793Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_5FA8E5E800867BF860DF5E533E701BAF
24/6/2020 - 19:46:4.793Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.793Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.793Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.793Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.793Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\85B3F147E3624A14E6A20DB4F6C2C5D9
24/6/2020 - 19:46:4.793Open2476C:\malware.exeC:\SensApi.dll
24/6/2020 - 19:46:4.793Open2476C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
24/6/2020 - 19:46:4.793Open2476C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
24/6/2020 - 19:46:4.856Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.856Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.856Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.856Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.856Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:4.856Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:4.903Open2476C:\malware.exeC:\WINHTTP.dll
24/6/2020 - 19:46:4.903Open2476C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 19:46:4.903Open2476C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 19:46:4.903Open2476C:\malware.exeC:\webio.dll
24/6/2020 - 19:46:4.903Open2476C:\malware.exeC:\Windows\SysWOW64\webio.dll
24/6/2020 - 19:46:4.903Open2476C:\malware.exeC:\Windows\SysWOW64\webio.dll
24/6/2020 - 19:46:4.903Open2476C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
24/6/2020 - 19:46:4.997Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.997Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.997Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.997Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:4.997Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.122Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.122Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.122Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.122Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.122Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.122Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.122Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.122Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.122Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.122Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
24/6/2020 - 19:46:6.122Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
24/6/2020 - 19:46:6.122Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
24/6/2020 - 19:46:6.122Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
24/6/2020 - 19:46:6.137Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.137Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.137Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.137Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.137Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Read2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Read2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Read2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
24/6/2020 - 19:46:6.137Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.137Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.137Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.153Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_15145278D40BAF22721984D91B9DFB33
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.153Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\521F25E202FF760B8461B88413F425E7
24/6/2020 - 19:46:6.184Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.184Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.184Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.184Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.184Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.184Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.325Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.325Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.325Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.325Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.325Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Write2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.387Unknown2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.387Open2476C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.387 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
24/6/2020 - 19:46:6.387 | Open | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387 | Read | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49 | BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387 | Read | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49 | BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387 | Read | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49 | BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387 | Write | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49 | BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387 | Write | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49 | BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49 | BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49 | BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49
24/6/2020 - 19:46:6.387 | Unknown | 2476 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49 | BE8B021F9E811DFC8C8A28572A17C05A_2E11ECD2011DB169365384C6FF99FC49

Process
Trace
Timestamp | Operation | Creator PID | Creator Process | New PID | New Process
24/6/2020 - 19:46:0.278 | Create | 1480 | C:\malware.exe | 2476 | C:\malware.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Name
24/6/2020 - 19:46:0.934 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
24/6/2020 - 19:46:0.934 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
24/6/2020 - 19:46:0.934 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
24/6/2020 - 19:46:0.934 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
24/6/2020 - 19:46:0.934 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
24/6/2020 - 19:46:0.934 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
24/6/2020 - 19:46:1.168 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
24/6/2020 - 19:46:1.184 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
24/6/2020 - 19:46:1.372 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
24/6/2020 - 19:46:1.372 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
24/6/2020 - 19:46:1.372 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
24/6/2020 - 19:46:1.372 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
24/6/2020 - 19:46:4.356 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
24/6/2020 - 19:46:4.356 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
24/6/2020 - 19:46:4.356 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
24/6/2020 - 19:46:4.356 | Delete | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
24/6/2020 - 19:46:4.747 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 19:46:4.747 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 19:46:4.747 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 19:46:4.747 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 19:46:4.747 | Write | 2476 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
24/6/2020 - 19:46:4.762 | Delete | 2476 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
24/6/2020 - 19:46:4.762 | Write | 2476 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE | Blob
24/6/2020 - 19:46:4.762 | Delete | 2476 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
24/6/2020 - 19:46:4.762 | Write | 2476 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE | Blob

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True
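
The Registry Summary above reports Proxy as not identified, while the Registry Trace writes ProxyEnable, deletes ProxyServer, ProxyOverride, AutoConfigURL and AutoDetect, records WPAD decisions for two network fingerprints, and writes a certificate Blob into the machine-wide AuthRoot store. The following is an added example, not the sandbox's own code: it is the check an analyst would run over such a trace. It parses rows in the run-together form this report uses (timestamp, operation, PID, process path and key+value name are concatenated with no delimiter, so the fields are split by pattern) and flags the two classes of key that matter here. The rule names, the regular expressions and the five sample rows (copied from the trace above) are the example's own.

```python
"""Triage a sandbox registry trace: which rows touch WinINet proxy/PAC state
or the machine-wide AuthRoot certificate store?  Added example, not code
from the sandbox; the row format is the run-together one the report shows."""
import re
from collections import Counter

# Five rows copied from the Registry Trace above (constructed sample input).
SAMPLE_TRACE = r"""
24/6/2020 - 19:46:0.934Write2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnable
24/6/2020 - 19:46:0.934Delete2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyServer
24/6/2020 - 19:46:1.372Write2476C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
24/6/2020 - 19:46:4.747Write2476C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
24/6/2020 - 19:46:4.762Write2476C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFEBlob
"""

# The fields are glued together, so split on what each one must look like:
# a timestamp, one of the known operation words, a PID, a drive-letter path
# ending in ".exe" (first match), and everything after that is key+value.
ROW_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} - \d{1,2}:\d{1,2}:\d{1,2}\.\d+)"
    r"(?P<op>Write|Delete|Read|Open|Unknown)"
    r"(?P<pid>\d+)"
    r"(?P<proc>[A-Za-z]:\\.*?\.exe)"
    r"(?P<target>.+)$"
)

INET = r"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
RULES = (
    # WinINet proxy, PAC and WPAD state.  The value name is glued directly
    # to the key, hence "Proxy\w+$" rather than a separate value column.
    ("proxy/PAC configuration",
     re.compile(INET + r"(?:(?:Proxy\w+|AutoConfigURL|AutoDetect)$|\\Connections|\\Wpad\\)")),
    # HKLM AuthRoot holds third-party roots trusted by every user on the box.
    ("machine root certificate store",
     re.compile(r"^\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\")),
)


def parse_row(line):
    """Split one run-together trace row into its fields; None if it is not a row."""
    m = ROW_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(target):
    """Return the first rule name whose pattern matches the key+value string."""
    for name, pattern in RULES:
        if pattern.search(target):
            return name
    return None


def triage(trace_text):
    """Parse every row and attach a category (None for rows no rule matches)."""
    rows = []
    for line in trace_text.strip().splitlines():
        row = parse_row(line)
        if row:
            row["category"] = classify(row["target"])
            rows.append(row)
    return rows


def summarize(trace_text):
    """Count rows per category, e.g. {'proxy/PAC configuration': 3, None: 1, ...}."""
    return Counter(r["category"] for r in triage(trace_text))


if __name__ == "__main__":
    for r in triage(SAMPLE_TRACE):
        print(f"{r['ts']}  {r['op']:7}  {r['category'] or '-':32}  {r['target']}")
```

On the five sample rows this reports three proxy/PAC hits (ProxyEnable, ProxyServer, WpadDecisionReason), one AuthRoot hit and one unclassified MuiCache row. Treat the hits as a prompt to read the values written, not as proof of tampering: WinINet caches WPAD decisions and rewrites the Connections keys on behalf of any program that fetches a URL through it, and CryptoAPI's root auto-update writes Blob values under AuthRoot, so a VB6 binary that simply downloads from drive.google.com can leave exactly this trail. What would settle it is the content of ProxyEnable, ProxyServer and AutoConfigURL after the run, which this report does not record.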


DNS
Query
localhost -> gateway:50273  drive.google.com.
localhost -> gateway:DNS  drive.google.com.
localhost -> gateway:DNS  ocsp.pki.goog.

Response
gateway:DNS -> localhost  drive.google.com.  answer 172.217.30.110

gateway:DNS -> localhost  ocsp.pki.goog.  answer 172.217.172.195


TCP
Info
computer localhost:65217 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65248
172.217.30.110:443 arrow_forward computer localhost:65280
172.217.30.110:443 arrow_forward computer localhost:65354
172.217.30.110:443 arrow_forward computer localhost:65215
computer localhost:65377 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65291
172.217.30.110:443 arrow_forward computer localhost:65222
computer localhost:65372 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65266
172.217.30.110:443 arrow_forward computer localhost:65237
computer localhost:65254 arrow_forward 172.217.30.110:443
computer localhost:65322 arrow_forward 172.217.30.110:443
computer localhost:65318 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65304
172.217.30.110:443 arrow_forward computer localhost:65367
computer localhost:65295 arrow_forward 172.217.30.110:443
computer localhost:65196 arrow_forward 172.217.30.110:443
computer localhost:65207 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65277
computer localhost:65202 arrow_forward 172.217.30.110:443
computer localhost:65216 arrow_forward 172.217.30.110:443
computer localhost:65291 arrow_forward 172.217.30.110:443
computer localhost:65383 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65244
172.217.30.110:443 arrow_forward computer localhost:65284
computer localhost:65270 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65219
172.217.30.110:443 arrow_forward computer localhost:65295
computer localhost:65306 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65226
172.217.30.110:443 arrow_forward computer localhost:65262
172.217.30.110:443 arrow_forward computer localhost:65201
172.217.30.110:443 arrow_forward computer localhost:65233
computer localhost:65293 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65389
172.217.30.110:443 arrow_forward computer localhost:65194
computer localhost:65268 arrow_forward 172.217.30.110:443
computer localhost:65265 arrow_forward 172.217.30.110:443
computer localhost:65337 arrow_forward 172.217.30.110:443
computer localhost:65201 arrow_forward 172.217.30.110:443
computer localhost:65321 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65398
172.217.30.110:443 arrow_forward computer localhost:65349
computer localhost:65231 arrow_forward 172.217.30.110:443
computer localhost:65204 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65338
172.217.30.110:443 arrow_forward computer localhost:65359
172.217.30.110:443 arrow_forward computer localhost:65240
172.217.30.110:443 arrow_forward computer localhost:65329
172.217.30.110:443 arrow_forward computer localhost:65316
computer localhost:65345 arrow_forward 172.217.30.110:443
computer localhost:65366 arrow_forward 172.217.30.110:443
computer localhost:65274 arrow_forward 172.217.30.110:443
computer localhost:65279 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65205
172.217.30.110:443 arrow_forward computer localhost:65198
computer localhost:65233 arrow_forward 172.217.30.110:443
computer localhost:65289 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65378
computer localhost:65348 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65373
172.217.30.110:443 arrow_forward computer localhost:65394
172.217.30.110:443 arrow_forward computer localhost:65345
computer localhost:65284 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65289
172.217.30.110:443 arrow_forward computer localhost:65334
computer localhost:65215 arrow_forward 172.217.30.110:443
computer localhost:65347 arrow_forward 172.217.30.110:443
computer localhost:65300 arrow_forward 172.217.30.110:443
computer localhost:65356 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65380
computer localhost:65310 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65312
172.217.30.110:443 arrow_forward computer localhost:65209
172.217.30.110:443 arrow_forward computer localhost:65369
computer localhost:65252 arrow_forward 172.217.30.110:443
computer localhost:65316 arrow_forward 172.217.30.110:443
computer localhost:65229 arrow_forward 172.217.30.110:443
computer localhost:65226 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65377
172.217.30.110:443 arrow_forward computer localhost:65390
172.217.30.110:443 arrow_forward computer localhost:65341
computer localhost:65319 arrow_forward 172.217.30.110:443
computer localhost:65198 arrow_forward 172.217.30.110:443
computer localhost:65273 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65362
computer localhost:65354 arrow_forward 172.217.30.110:443
computer localhost:65368 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65330
172.217.30.110:443 arrow_forward computer localhost:65351
computer localhost:65398 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65210
172.217.30.110:443 arrow_forward computer localhost:65321
172.217.30.110:443 arrow_forward computer localhost:65384
computer localhost:65272 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65257
computer localhost:65209 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65303
computer localhost:65224 arrow_forward 172.217.30.110:443
computer localhost:65346 arrow_forward 172.217.30.110:443
computer localhost:65227 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65272
computer localhost:65222 arrow_forward 172.217.30.110:443
computer localhost:65324 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65249
172.217.30.110:443 arrow_forward computer localhost:65281
172.217.30.110:443 arrow_forward computer localhost:65355
computer localhost:65208 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65311
172.217.30.110:443 arrow_forward computer localhost:65214
computer localhost:65243 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65366
172.217.30.110:443 arrow_forward computer localhost:65290
172.217.30.110:443 arrow_forward computer localhost:65223
computer localhost:65255 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65267
172.217.30.110:443 arrow_forward computer localhost:65253
172.217.30.110:443 arrow_forward computer localhost:65236
computer localhost:65384 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65191
172.217.30.110:443 arrow_forward computer localhost:65307
computer localhost:65308 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65204
172.217.30.110:443 arrow_forward computer localhost:65276
computer localhost:65303 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65245
172.217.30.110:443 arrow_forward computer localhost:65285
computer localhost:65287 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65218
computer localhost:65315 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65294
172.217.30.110:443 arrow_forward computer localhost:65227
computer localhost:65392 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65263
172.217.30.110:443 arrow_forward computer localhost:65202
172.217.30.110:443 arrow_forward computer localhost:65232
172.217.30.110:443 arrow_forward computer localhost:65195
computer localhost:65298 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65348
computer localhost:65314 arrow_forward 172.217.30.110:443
computer localhost:65344 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65339
172.217.30.110:443 arrow_forward computer localhost:65241
172.217.30.110:443 arrow_forward computer localhost:65328
computer localhost:65191 arrow_forward 172.217.30.110:443
computer localhost:65325 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65317
172.217.30.110:443 arrow_forward computer localhost:65206
172.217.30.110:443 arrow_forward computer localhost:65383
computer localhost:65397 arrow_forward 172.217.30.110:443
computer localhost:65381 arrow_forward 172.217.30.110:443
computer localhost:65264 arrow_forward 172.217.30.110:443
computer localhost:65379 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65199
computer localhost:65197 arrow_forward 172.217.30.110:443
computer localhost:65365 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65395
computer localhost:65312 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65344
172.217.30.110:443 arrow_forward computer localhost:65335
172.217.30.110:443 arrow_forward computer localhost:65324
172.217.30.110:443 arrow_forward computer localhost:65228
computer localhost:65360 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65313
computer localhost:65336 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65397
172.217.30.110:443 arrow_forward computer localhost:65251
computer localhost:65262 arrow_forward 172.217.30.110:443
computer localhost:65393 arrow_forward 172.217.30.110:443
computer localhost:65238 arrow_forward 172.217.30.110:443
computer localhost:65364 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65279
computer localhost:65313 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65340
computer localhost:65353 arrow_forward 172.217.30.110:443
computer localhost:65297 arrow_forward 172.217.30.110:443
computer localhost:65389 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65361
172.217.30.110:443 arrow_forward computer localhost:65331
172.217.30.110:443 arrow_forward computer localhost:65320
172.217.30.110:443 arrow_forward computer localhost:65387
computer localhost:65330 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65256
computer localhost:65281 arrow_forward 172.217.30.110:443
computer localhost:65307 arrow_forward 172.217.30.110:443
computer localhost:65391 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65302
computer localhost:65263 arrow_forward 172.217.30.110:443
computer localhost:65223 arrow_forward 172.217.30.110:443
computer localhost:65376 arrow_forward 172.217.30.110:443
computer localhost:65195 arrow_forward 172.217.30.110:443
computer localhost:65334 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65374
computer localhost:65280 arrow_forward 172.217.30.110:443
computer localhost:65292 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65282
computer localhost:65192 arrow_forward 172.217.172.195:80
172.217.30.110:443 arrow_forward computer localhost:65352
computer localhost:65373 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65213
172.217.30.110:443 arrow_forward computer localhost:65220
computer localhost:65212 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65264
172.217.30.110:443 arrow_forward computer localhost:65252
172.217.30.110:443 arrow_forward computer localhost:65239
computer localhost:65286 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65306
computer localhost:65395 arrow_forward 172.217.30.110:443
computer localhost:65285 arrow_forward 172.217.30.110:443
computer localhost:65228 arrow_forward 172.217.30.110:443
computer localhost:65236 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65388
computer localhost:65203 arrow_forward 172.217.30.110:443
computer localhost:65249 arrow_forward 172.217.30.110:443
computer localhost:65282 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65271
computer localhost:65259 arrow_forward 172.217.30.110:443
computer localhost:65239 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65246
172.217.30.110:443 arrow_forward computer localhost:65286
computer localhost:65250 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65356
172.217.30.110:443 arrow_forward computer localhost:65217
172.217.30.110:443 arrow_forward computer localhost:65293
computer localhost:65296 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65224
computer localhost:65378 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65254
computer localhost:65232 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65260
172.217.30.110:443 arrow_forward computer localhost:65203
172.217.30.110:443 arrow_forward computer localhost:65235
172.217.30.110:443 arrow_forward computer localhost:65370
172.217.30.110:443 arrow_forward computer localhost:65196
172.217.30.110:443 arrow_forward computer localhost:65391
computer localhost:65193 arrow_forward 172.217.30.110:443
computer localhost:65260 arrow_forward 172.217.30.110:443
computer localhost:65341 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65379
computer localhost:65374 arrow_forward 172.217.30.110:443
computer localhost:65275 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65275
computer localhost:65351 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65242
computer localhost:65294 arrow_forward 172.217.30.110:443
computer localhost:65225 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65297
172.217.30.110:443 arrow_forward computer localhost:65314
computer localhost:65271 arrow_forward 172.217.30.110:443
computer localhost:65245 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65207
computer localhost:65333 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65231
computer localhost:65240 arrow_forward 172.217.30.110:443
computer localhost:65283 arrow_forward 172.217.30.110:443
computer localhost:65343 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65368
172.217.172.195:80 arrow_forward computer localhost:65192
computer localhost:65261 arrow_forward 172.217.30.110:443
computer localhost:65277 arrow_forward 172.217.30.110:443
computer localhost:65340 arrow_forward 172.217.30.110:443
computer localhost:65234 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65347
computer localhost:65244 arrow_forward 172.217.30.110:443
computer localhost:65256 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65336
computer localhost:65320 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65229
computer localhost:65253 arrow_forward 172.217.30.110:443
computer localhost:65290 arrow_forward 172.217.30.110:443
computer localhost:65194 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65259
computer localhost:65242 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65268
172.217.30.110:443 arrow_forward computer localhost:65309
computer localhost:65205 arrow_forward 172.217.30.110:443
computer localhost:65235 arrow_forward 172.217.30.110:443
computer localhost:65241 arrow_forward 172.217.30.110:443
computer localhost:65199 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65278
172.217.30.110:443 arrow_forward computer localhost:65396
172.217.30.110:443 arrow_forward computer localhost:65343
172.217.30.110:443 arrow_forward computer localhost:65360
computer localhost:65251 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65332
172.217.30.110:443 arrow_forward computer localhost:65327
172.217.30.110:443 arrow_forward computer localhost:65386
computer localhost:65301 arrow_forward 172.217.30.110:443
computer localhost:65237 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65255
computer localhost:65269 arrow_forward 172.217.30.110:443
computer localhost:65288 arrow_forward 172.217.30.110:443
computer localhost:65380 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65393
computer localhost:65357 arrow_forward 172.217.30.110:443
computer localhost:65370 arrow_forward 172.217.30.110:443
computer localhost:65387 arrow_forward 172.217.30.110:443
computer localhost:65304 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65375
172.217.30.110:443 arrow_forward computer localhost:65392
172.217.30.110:443 arrow_forward computer localhost:65364
computer localhost:65276 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65283
172.217.30.110:443 arrow_forward computer localhost:65353
172.217.30.110:443 arrow_forward computer localhost:65212
172.217.30.110:443 arrow_forward computer localhost:65323
172.217.30.110:443 arrow_forward computer localhost:65221
172.217.30.110:443 arrow_forward computer localhost:65265
172.217.30.110:443 arrow_forward computer localhost:65318
172.217.30.110:443 arrow_forward computer localhost:65238
computer localhost:65339 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65193
172.217.30.110:443 arrow_forward computer localhost:65301
computer localhost:65329 arrow_forward 172.217.30.110:443
computer localhost:65382 arrow_forward 172.217.30.110:443
computer localhost:65299 arrow_forward 172.217.30.110:443
computer localhost:65388 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65270
172.217.30.110:443 arrow_forward computer localhost:65247
172.217.30.110:443 arrow_forward computer localhost:65287
172.217.30.110:443 arrow_forward computer localhost:65357
computer localhost:65363 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65216
172.217.30.110:443 arrow_forward computer localhost:65292
172.217.30.110:443 arrow_forward computer localhost:65225
computer localhost:65220 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65261
172.217.30.110:443 arrow_forward computer localhost:65382
172.217.30.110:443 arrow_forward computer localhost:65234
computer localhost:65386 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65197
172.217.30.110:443 arrow_forward computer localhost:65305
computer localhost:65328 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65296
computer localhost:65213 arrow_forward 172.217.30.110:443
computer localhost:65278 arrow_forward 172.217.30.110:443
computer localhost:65349 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65274
172.217.30.110:443 arrow_forward computer localhost:65243
172.217.30.110:443 arrow_forward computer localhost:65310
computer localhost:65359 arrow_forward 172.217.30.110:443
computer localhost:65258 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65315
172.217.30.110:443 arrow_forward computer localhost:65200
computer localhost:65355 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65230
172.217.30.110:443 arrow_forward computer localhost:65250
computer localhost:65309 arrow_forward 172.217.30.110:443
computer localhost:65371 arrow_forward 172.217.30.110:443
computer localhost:65367 arrow_forward 172.217.30.110:443
computer localhost:65369 arrow_forward 172.217.30.110:443
computer localhost:65358 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65346
computer localhost:65221 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65337
172.217.30.110:443 arrow_forward computer localhost:65358
computer localhost:65375 arrow_forward 172.217.30.110:443
computer localhost:65247 arrow_forward 172.217.30.110:443
computer localhost:65317 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65258
172.217.30.110:443 arrow_forward computer localhost:65269
computer localhost:65219 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65308
computer localhost:65218 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65365
computer localhost:65396 arrow_forward 172.217.30.110:443
computer localhost:65230 arrow_forward 172.217.30.110:443
computer localhost:65200 arrow_forward 172.217.30.110:443
computer localhost:65267 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65372
computer localhost:65332 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65342
computer localhost:65257 arrow_forward 172.217.30.110:443
computer localhost:65390 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65288
172.217.30.110:443 arrow_forward computer localhost:65333
computer localhost:65305 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65299
172.217.30.110:443 arrow_forward computer localhost:65326
172.217.30.110:443 arrow_forward computer localhost:65381
computer localhost:65361 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65298
computer localhost:65210 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65325
computer localhost:65394 arrow_forward 172.217.30.110:443
computer localhost:65302 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65208
computer localhost:65385 arrow_forward 172.217.30.110:443
computer localhost:65335 arrow_forward 172.217.30.110:443
computer localhost:65338 arrow_forward 172.217.30.110:443
computer localhost:65311 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65376
computer localhost:65214 arrow_forward 172.217.30.110:443
computer localhost:65211 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65363
computer localhost:65352 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65350
computer localhost:65266 arrow_forward 172.217.30.110:443
computer localhost:65342 arrow_forward 172.217.30.110:443
computer localhost:65362 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65211
172.217.30.110:443 arrow_forward computer localhost:65322
172.217.30.110:443 arrow_forward computer localhost:65385
computer localhost:65326 arrow_forward 172.217.30.110:443
computer localhost:65248 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65319
computer localhost:65246 arrow_forward 172.217.30.110:443
computer localhost:65323 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65371
172.217.30.110:443 arrow_forward computer localhost:65300
computer localhost:65331 arrow_forward 172.217.30.110:443
computer localhost:65206 arrow_forward 172.217.30.110:443
computer localhost:65327 arrow_forward 172.217.30.110:443
computer localhost:65350 arrow_forward 172.217.30.110:443
172.217.30.110:443 arrow_forward computer localhost:65273

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:68 -> 255.255.255.255:67
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:53 -> localhost:50273

HTTP
Info
localhost GET ocsp.pki.goog /gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFb63M0OvvAcCAAAAABDVec%3D
localhost GET ocsp.pki.goog /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
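
The two GET requests above are OCSP requests in the RFC 6960 GET encoding: the DER OCSPRequest is base64-encoded, URL-escaped and appended to the responder path. The request carries no certificate, only a CertID made of the hash algorithm, the hash of the issuer name, the hash of the issuer public key and the serial number being checked. The following added example (not code from the sandbox or its authors) decodes both paths from this report and pulls those fields out with a small DER walker; it assumes the single-request, unsigned layout these two messages have and uses only the standard library. The function names are the example's own.

```python
"""Decode the OCSP GET requests recorded in the HTTP section of the report.
Added example, not the sandbox's code."""
import base64
from urllib.parse import unquote

# The two request paths copied from the HTTP trace above.
OCSP_GET_PATHS = [
    "/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFb63M0OvvAcCAAAAABDVec%3D",
    "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D",
]

SEQUENCE, OID, OCTET_STRING, INTEGER = 0x30, 0x06, 0x04, 0x02


def der_children(buf):
    """Split the content of a DER constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                      # long form: 0x8n, then n length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out


def decode_oid(raw):
    """OID content octets to dotted form; 1.3.14.3.2.26 is SHA-1."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(path):
    """Return the CertID fields of the first Request in an OCSP GET path."""
    responder, b64 = path.strip("/").split("/", 1)
    der = base64.b64decode(unquote(b64), validate=True)
    [(tag, ocsp_request)] = der_children(der)
    if tag != SEQUENCE:
        raise ValueError("OCSPRequest is not a SEQUENCE")
    # OCSPRequest ::= { tbsRequest, optionalSignature [0] }; we only read tbsRequest.
    tbs = der_children(ocsp_request)[0][1]
    # TBSRequest may start with [0] version / [1] requestorName (context tags);
    # requestList is its first SEQUENCE.
    request_list = next(v for t, v in der_children(tbs) if t == SEQUENCE)
    first_request = der_children(request_list)[0][1]
    cert_id = der_children(first_request)[0][1]
    alg, name_hash, key_hash, serial = der_children(cert_id)
    if (name_hash[0], key_hash[0], serial[0]) != (OCTET_STRING, OCTET_STRING, INTEGER):
        raise ValueError("unexpected CertID layout")
    return {
        "responder": responder,
        "hash_algorithm": decode_oid(der_children(alg[1])[0][1]),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial_number": serial[1].hex(),
    }


if __name__ == "__main__":
    for p in OCSP_GET_PATHS:
        print(parse_ocsp_get(p))
```

Both requests decode with hash algorithm 1.3.14.3.2.26 (SHA-1 is what CertID conventionally uses; it says nothing about the certificates' own signatures). issuerKeyHash is the SHA-1 of the issuer's public key, i.e. its subject key identifier, so the two hashes identify the issuers that the path prefixes /gts1o1/ and /gsr2/ already name, and the two serials are one 16-byte and one 13-byte number: presumably the leaf presented by 172.217.30.110 and the intermediate that signed it, which is the pair a Windows TLS client checks while building a chain. Read together with the plain-HTTP connection to 172.217.172.195:80 in the TCP list and the CryptnetUrlCache\MetaData writes in the file trace (CryptoAPI's cache for CRL/OCSP fetches), these requests are evidence of an HTTPS connection to drive.google.com made through the platform stack, not of anything the binary did with certificates itself.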

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 83.53%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 89.42%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 75.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 82.67%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 89.98%
suspicious: False
