Report #11673

Binary
DLL
False
Size
1.35MB
trid
45.5% Win32 Executable Borland Delphi 7
30.9% Win32 Executable Borland Delphi 5
18.0% Win32 Executable Borland Delphi 6
2.9% InstallShield setup
0.9% Win32 Executable Delphi generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
Community
Google
False
HashLib
False
YARA
Matches
domain, Borland, IP, Borland_Delphi_30_, HasOverlay, network_dropper, CRC32_poly_Constant, BASE64_table, Delphi_DecodeDate, RIPEMD160_Constants, borland_delphi, Delphi_FormShow, network_dns, BobSoftMiniDelphiBoBBobSoft, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, Browsers, win_files_operation, IsPE32, win_hook, RijnDael_AES_CHAR, contentis_base64, network_tcp_socket, screenshot, network_tcp_listen, Borland_Delphi_v40_v50, keylogger, win_mutex, Borland_Delphi_40_additional, Borland_Delphi_40, network_ssl, Delphi_Random, IsWindowsGUI, network_udp_sock, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, SHA1_Constants, win_registry, Delphi_CompareCall, RijnDael_AES_LONG, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30

Suspicious
True

Strings
List

Foremost
Matches
2742.bmp, 214 B, 2742.bmp, 214 B, 2743.bmp, 214 B, 2743.bmp, 214 B, 0.exe, 1 MB, 2727.png, 345 B, 2727.png, 526 B, 2728.png, 350 B, 2729.png, 296 B, 2730.png, 395 B, 2730.png, 483 B
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 1.0.0.1, 1, one.one.one.one.
Suspicious: 1.4.3.1, 0, Unknown, 1.2.5.1, 0, Unknown
hasAllowed: True
hasSuspicious: True

URLs
Allowed
hasURLs: True
Suspicious: http://www.immensum.com.br/arq/roobtoolz0.zip?3d4f5g6h7j8kxxeo, http://www.componentace.com, http://www.biltag.nu/cont/xrd/notify.phpeo
hasAllowed: False
hasSuspicious: True

Files
Allowed: Window Text=This control requires version 4.70 or greater of COMCTL32.DLL, MAPI32.DLL, URLMON.DLL, wininet.dll, WS2_32.DLL, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, gdi32.dll, gdiplus.dll, oleaut32.dll, SHFolder.dll, kernel32.dll, vcltest3.dll, olepro32.dll, version.dll, shell32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 399872
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 1023088
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mapi32.dll, urlmon.dll, wininet.dll, ws2_32.dll, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, gdi32.dll, gdiplus.dll, oleaut32.dll, shfolder.dll, kernel32.dll, olepro32.dll, version.dll, shell32.dll
hasLibs: True
Suspicious: window text=this control requires version 4.70 or greater of comctl32.dll, vcltest3.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: True
Valid: True
Value: 1992-06-19 19:22:17
Future: False

Compilation
Packed: True
Missing: False
Packers: BobSoft Mini Delphi -> BoB / BobSoft
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0
MainPacker: BobSoft Mini Delphi -> BoB / BobSoft

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
none: 171
.rsrc: 32

pushpopmath
none: 24
.rsrc: 32
.reloc: 49

garbagebytes
none: 166
.rsrc: 12

hookdetection
none: 7
.reloc: 2

software breakpoint
none: 7
.reloc: 22

programcontrolflowchange
none: 166
.rsrc: 12

cpuinstructionsresultscomparison
none: 36
.rsrc: 85
.reloc: 1

AVclass
banload
1
VirusTotal
md5
e1520a533902cec940aafcd632c3064c
sha1
192a7d6850b9845f2109ce13b44a008dfa1a8b0f
SCANS (DETECTION RATE = 63.77%)
AVG
result: Win32:Banker-NAG [Trj]
update: 20180930
version: 18.4.3895.0
detected: True

CMC
update: 20180930
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=81)
update: 20180930
version: 2018.9.12.1
detected: True

Bkav
update: 20180928
version: 1.3.0.9898
detected: False

K7GW
result: Trojan-Downloader ( 005052171 )
update: 20180930
version: 11.5.28552
detected: True

ALYac
result: Gen:Variant.Zusy.222029
update: 20180930
version: 1.1.1.5
detected: True

Avast
result: Win32:Banker-NAG [Trj]
update: 20180930
version: 18.4.3895.0
detected: True

Avira
result: HEUR/AGEN.1027733
update: 20180930
version: 8.3.3.6
detected: True

Baidu
update: 20180930
version: 1.0.0.2
detected: False

Cyren
result: W32/Trojan.TFUU-3112
update: 20180930
version: 6.0.0.4
detected: True

DrWeb
update: 20180930
version: 7.0.33.6080
detected: False

GData
result: Gen:Variant.Zusy.222029
update: 20180930
version: A:25.18715B:25.13337
detected: True

Panda
result: Trj/GdSda.A
update: 20180930
version: 4.6.4.2
detected: True

VBA32
result: BScope.TrojanDownloader.Banload
update: 20180928
version: 3.33.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180930
version: 69954
detected: True

Zoner
update: 20180927
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180925
version: 1.6.0.52
detected: True

ClamAV
update: 20180930
version: 0.100.1.0
detected: False

Comodo
update: 20180930
version: 29752
detected: False

F-Prot
update: 20180930
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Downloader.Win32.Banload
update: 20180930
version: 0.1.5.2
detected: True

McAfee
result: Downloader-FBKF!E1520A533902
update: 20180930
version: 6.0.6.653
detected: True

Rising
result: Downloader.Banload!8.15B (TFE:5:yUCYDJJxrwS)
update: 20180930
version: 25.0.0.24
detected: True

Sophos
result: Mal/Generic-S
update: 20180930
version: 4.98.0
detected: True

Yandex
result: Trojan.DL.Delf!A1h0dexNokU
update: 20180927
version: 5.5.1.3
detected: True

Zillya
result: Downloader.Delf.Win32.51355
update: 20180928
version: 2.0.0.3658
detected: True

Alibaba
update: 20180921
version: 0.1.0.2
detected: False

Arcabit
result: Trojan.Zusy.D3634D
update: 20180930
version: 1.0.0.833
detected: True

Babable
update: 20180918
version: 9107201
detected: False

Cylance
result: Unsafe
update: 20180930
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180730
version: 3.0.1
detected: True

TACHYON
update: 20180930
version: 2018-09-30.02
detected: False

Tencent
result: Win32.Trojan-downloader.Delf.Ahnu
update: 20180930
version: 1.0.0.1
detected: True

ViRobot
update: 20180929
version: 2014.3.20.0
detected: False

Webroot
update: 20180930
version: 1.0.0.403
detected: False

eGambit
update: 20180930
detected: False

Ad-Aware
result: Gen:Variant.Zusy.222029
update: 20180930
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.Win32.Generic.4!c
update: 20180930
version: 4.2
detected: True

Emsisoft
result: Gen:Variant.Zusy.222029 (B)
update: 20180930
version: 2018.4.0.1029
detected: True

F-Secure
result: Gen:Variant.Zusy.222029
update: 20180930
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Banload.XUY!tr.dldr
update: 20180930
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180717
version: 6.3.5.26121
detected: True

Jiangmin
update: 20180930
version: 16.0.100
detected: False

Kingsoft
update: 20180930
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180930
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20180929
version: 1.7.0.0
detected: True

AhnLab-V3
result: Trojan/Win32.Banload.C1793311
update: 20180930
version: 3.13.1.21616
detected: True

Antiy-AVL
result: Trojan/Win32.AGeneric
update: 20180930
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan-Downloader.Win32.Delf.kmhf
update: 20180930
version: 15.0.1.13
detected: True

Microsoft
result: TrojanDownloader:Win32/Banload
update: 20180930
version: 1.1.15300.6
detected: True

Qihoo-360
update: 20180930
version: 1.0.0.1120
detected: False

TheHacker
update: 20180927
version: 6.8.0.5.3713
detected: False

ZoneAlarm
result: Trojan-Downloader.Win32.Delf.kmhf
update: 20180925
version: 1.0
detected: True

Cybereason
result: malicious.33902c
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
result: Win32/TrojanDownloader.Banload.XUX
update: 20180930
version: 18136
detected: True

TrendMicro
update: 20180930
version: 10.0.0.1040
detected: False

BitDefender
result: Gen:Variant.Zusy.222029
update: 20180930
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_100% (D)
update: 20180723
version: 1.0
detected: True

K7AntiVirus
result: Trojan-Downloader ( 005052171 )
update: 20180930
version: 11.5.28552
detected: True

SentinelOne
update: 20180926
version: 1.0.19.242
detected: False

Avast-Mobile
update: 20180928
version: 180928-00
detected: False

Malwarebytes
update: 20180930
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180930
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.Dynamer
update: 20180929
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Delf.elssqa
update: 20180930
version: 1.0.134.24036
detected: True

MicroWorld-eScan
result: Gen:Variant.Zusy.222029
update: 20180930
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180907
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Dropper.th
update: 20180930
version: v2017.3010
detected: True

TrendMicro-HouseCall
update: 20180930
version: 10.0.0.1040
detected: False

total
69
sha256
d8585f1f19b5d3bdffadfbf34109a01dcc93ed350fc78249805c5de349d857cd
scan_id
d8585f1f19b5d3bdffadfbf34109a01dcc93ed350fc78249805c5de349d857cd-1538309638
resource
e1520a533902cec940aafcd632c3064c
positives
44
scan_date
2018-09-30 12:13:58
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
21/9/2020 - 23:46:28.153Open2172C:\malware.exeC:\Windows\Fonts\simsunb.ttf
21/9/2020 - 23:46:28.153Open2172C:\malware.exeC:\Windows\Fonts\smallf.fon
21/9/2020 - 23:46:28.153Open2172C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\symbol.ttf
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\symbol.ttf
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\tahoma.ttf
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\tahoma.ttf
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\app850.fon
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\times.ttf
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\times.ttf
21/9/2020 - 23:46:28.200Open2172C:\malware.exeC:\Windows\Fonts\trado.ttf
21/9/2020 - 23:46:28.247Open2172C:\malware.exeC:\Windows\Fonts\trado.ttf
21/9/2020 - 23:46:28.247Open2172C:\malware.exeC:\Windows\Fonts\trebuc.ttf
21/9/2020 - 23:46:28.293Open2172C:\malware.exeC:\Windows\Fonts\trebuc.ttf
21/9/2020 - 23:46:28.293Open2172C:\malware.exeC:\Windows\Fonts\tunga.ttf
21/9/2020 - 23:46:28.340Open2172C:\malware.exeC:\Windows\Fonts\tunga.ttf
21/9/2020 - 23:46:28.340Open2172C:\malware.exeC:\Windows\Fonts\utsaah.ttf
21/9/2020 - 23:46:28.387Open2172C:\malware.exeC:\Windows\Fonts\utsaah.ttf
21/9/2020 - 23:46:28.387Open2172C:\malware.exeC:\Windows\Fonts\Vani.ttf
21/9/2020 - 23:46:28.434Open2172C:\malware.exeC:\Windows\Fonts\Vani.ttf
21/9/2020 - 23:46:28.434Open2172C:\malware.exeC:\Windows\Fonts\verdana.ttf
21/9/2020 - 23:46:28.528Open2172C:\malware.exeC:\Windows\Fonts\verdana.ttf
21/9/2020 - 23:46:28.528Open2172C:\malware.exeC:\Windows\Fonts\vijaya.ttf
21/9/2020 - 23:46:28.575Open2172C:\malware.exeC:\Windows\Fonts\vijaya.ttf
21/9/2020 - 23:46:28.575Open2172C:\malware.exeC:\Windows\Fonts\vrinda.ttf
21/9/2020 - 23:46:28.622Open2172C:\malware.exeC:\Windows\Fonts\vrinda.ttf
21/9/2020 - 23:46:28.622Open2172C:\malware.exeC:\Windows\Fonts\webdings.ttf
21/9/2020 - 23:46:28.668Open2172C:\malware.exeC:\Windows\Fonts\webdings.ttf
21/9/2020 - 23:46:28.668Open2172C:\malware.exeC:\Windows\Fonts\wingding.ttf
21/9/2020 - 23:46:28.715Open2172C:\malware.exeC:\Windows\Fonts\wingding.ttf
21/9/2020 - 23:46:28.762Open2172C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
21/9/2020 - 23:46:28.762Open2172C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\andlso.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\andlso.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\angsa.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\angsa.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\angsau.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\angsau.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\aparaj.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\aparaj.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\arabtype.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\arabtype.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\arial.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\arial.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\ariblk.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\ariblk.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\batang.ttc
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\batang.ttc
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\browa.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\browa.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\browau.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\browau.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\calibri.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\calibri.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\calibril.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\calibril.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\cambria.ttc
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\cambria.ttc
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\Candara.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\Candara.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\comic.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\comic.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\consola.ttf
21/9/2020 - 23:46:28.809Open2172C:\malware.exeC:\Windows\Fonts\consola.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\constan.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\constan.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\corbel.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\corbel.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\cordia.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\cordia.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\cordiau.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\cordiau.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\coure.fon
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\cour.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\cour.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\david.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\david.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\kaiu.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\kaiu.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\upcdl.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\upcdl.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\gulim.ttc
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\gulim.ttc
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\ebrima.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\ebrima.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\estre.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\estre.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\upcel.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\upcel.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\euphemia.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\euphemia.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\simfang.ttf
21/9/2020 - 23:46:28.825Open2172C:\malware.exeC:\Windows\Fonts\simfang.ttf
21/9/2020 - 23:46:28.840Open2172C:\malware.exeC:\Windows\Fonts\vgafix.fon
21/9/2020 - 23:46:28.840Open2172C:\malware.exeC:\Windows\Fonts\framd.ttf
21/9/2020 - 23:46:28.840Open2172C:\malware.exeC:\Windows\Fonts\framd.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\frank.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\frank.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\upcfl.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\upcfl.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\gautami.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\gautami.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\georgia.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\georgia.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\gisha.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\gisha.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\impact.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\impact.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\upcil.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\upcil.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\iskpota.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\iskpota.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\upcjl.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\upcjl.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\simkai.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\simkai.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\kalinga.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\kalinga.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\kartika.ttf
21/9/2020 - 23:46:28.887Open2172C:\malware.exeC:\Windows\Fonts\kartika.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\upckl.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\upckl.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\kokila.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\kokila.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\latha.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\latha.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\leelawad.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\leelawad.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\lvnm.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\lvnm.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\upcll.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\upcll.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\lucon.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\lucon.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\l_10646.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\l_10646.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\malgun.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\malgun.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\mangal.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\mangal.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\meiryo.ttc
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\meiryo.ttc
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\himalaya.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\himalaya.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\msjh.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\msjh.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\ntailu.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\ntailu.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\phagspa.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\phagspa.ttf
21/9/2020 - 23:46:28.903Open2172C:\malware.exeC:\Windows\Fonts\micross.ttf
21/9/2020 - 23:46:28.918Open2172C:\malware.exeC:\Windows\Fonts\micross.ttf
21/9/2020 - 23:46:28.918Open2172C:\malware.exeC:\Windows\Fonts\taile.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\taile.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msuighur.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msuighur.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msyh.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msyh.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msyi.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msyi.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\mingliu.ttc
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\mingliu.ttc
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\mingliub.ttc
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\mingliub.ttc
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\mriam.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\mriam.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\mriamc.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\mriamc.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\modern.fon
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\moolbor.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\moolbor.ttf
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msgothic.ttc
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msgothic.ttc
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msmincho.ttc
21/9/2020 - 23:46:28.965Open2172C:\malware.exeC:\Windows\Fonts\msmincho.ttc
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\serife.fon
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\mvboli.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\mvboli.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\nrkis.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\nrkis.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\simsun.ttc
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\simsun.ttc
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\nyala.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\nyala.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\pala.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\pala.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\plantc.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\plantc.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\raavi.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\raavi.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\rod.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\rod.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\roman.fon
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\majalla.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\majalla.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\script.fon
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\segoepr.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\segoepr.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\segoesc.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\segoesc.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\segoeui.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\segoeui.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\seguisb.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\seguisb.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\seguisym.ttf
21/9/2020 - 23:46:28.981Open2172C:\malware.exeC:\Windows\Fonts\seguisym.ttf
21/9/2020 - 23:46:28.997Open2172C:\malware.exeC:\Windows\Fonts\Shonar.ttf
21/9/2020 - 23:46:28.997Open2172C:\malware.exeC:\Windows\Fonts\Shonar.ttf
21/9/2020 - 23:46:28.997Open2172C:\malware.exeC:\Windows\Fonts\shruti.ttf
21/9/2020 - 23:46:28.997Open2172C:\malware.exeC:\Windows\Fonts\shruti.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\simhei.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\simhei.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\simpo.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\simpo.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\simsunb.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\simsunb.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\smallf.fon
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\symbol.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\symbol.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\app850.fon
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\times.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\times.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\trado.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\trado.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\trebuc.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\trebuc.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\tunga.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\tunga.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\utsaah.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\utsaah.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\Vani.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\Vani.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\verdana.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\verdana.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\vijaya.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\vijaya.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\vrinda.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\vrinda.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\webdings.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\webdings.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\wingding.ttf
21/9/2020 - 23:46:29.43Open2172C:\malware.exeC:\Windows\Fonts\wingding.ttf
21/9/2020 - 23:46:40.12Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
21/9/2020 - 23:46:40.12Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
21/9/2020 - 23:46:40.12Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
21/9/2020 - 23:46:40.12Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
21/9/2020 - 23:46:40.12Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
21/9/2020 - 23:46:40.12Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\credssp.dll
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\Windows\SysWOW64\credssp.dll
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\Windows\SysWOW64\credssp.dll
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\Windows\SysWOW64\schannel.dll
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\Windows\SysWOW64\schannel.dll
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
21/9/2020 - 23:46:40.200Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
21/9/2020 - 23:46:40.200Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
21/9/2020 - 23:46:40.200Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
21/9/2020 - 23:46:40.200Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
21/9/2020 - 23:46:40.825Open2172C:\malware.exeC:\Windows\SysWOW64\wininet.dll
21/9/2020 - 23:46:40.825Open2172C:\malware.exeC:\Windows\SysWOW64\wininet.dll
21/9/2020 - 23:46:45.325Open2172C:\malware.exeC:\Users\Behemot\AppData\Local\Afirechrowin
21/9/2020 - 23:46:45.325Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Local\Afirechrowin
21/9/2020 - 23:46:52.372Open2172C:\malware.exeC:\Users\Behemot\AppData\Local\Afirechrowin
21/9/2020 - 23:46:52.372Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Local\Afirechrowin
21/9/2020 - 23:46:52.372Open2172C:\malware.exeC:\Users\Behemot\AppData\Local\Afirechrowin\H095L316R5X0
21/9/2020 - 23:47:1.387Open2172C:\malware.exeC:\Users\Behemot\AppData\Local\Afirechrowin
21/9/2020 - 23:47:1.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Local\Afirechrowin
21/9/2020 - 23:47:3.293Open2172C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
21/9/2020 - 23:47:3.293Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
21/9/2020 - 23:47:3.293Open2172C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\notify[1].htm
21/9/2020 - 23:47:3.293Write2172C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\notify[1].htmnotify[1].htm
21/9/2020 - 23:47:4.28Open2172C:\malware.exeC:\ncrypt.dll
21/9/2020 - 23:47:4.28Open2172C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
21/9/2020 - 23:47:4.28Open2172C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
21/9/2020 - 23:47:4.28Open2172C:\malware.exeC:\bcrypt.dll
21/9/2020 - 23:47:4.28Open2172C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
21/9/2020 - 23:47:4.28Open2172C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
21/9/2020 - 23:47:4.28Open2172C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
21/9/2020 - 23:47:4.28Unknown2172C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
21/9/2020 - 23:47:4.28Open2172C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
21/9/2020 - 23:47:4.28Unknown2172C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
21/9/2020 - 23:47:4.43Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
21/9/2020 - 23:47:4.43Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
21/9/2020 - 23:47:4.43Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
21/9/2020 - 23:47:4.43Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
21/9/2020 - 23:47:4.43Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
21/9/2020 - 23:47:4.43Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
21/9/2020 - 23:47:4.43Open2172C:\malware.exeC:\GPAPI.dll
21/9/2020 - 23:47:4.43Open2172C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
21/9/2020 - 23:47:4.43Open2172C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
21/9/2020 - 23:47:4.153Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
21/9/2020 - 23:47:4.153Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
21/9/2020 - 23:47:4.153Unknown2172C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
21/9/2020 - 23:47:4.153Unknown2172C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
21/9/2020 - 23:47:4.153Unknown2172C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\qagentrt.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\cryptnet.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:4.153Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:4.153Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\SensApi.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
21/9/2020 - 23:47:4.153Open2172C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
21/9/2020 - 23:47:4.247Open2172C:\malware.exeC:\WINHTTP.dll
21/9/2020 - 23:47:4.247Open2172C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
21/9/2020 - 23:47:4.247Open2172C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
21/9/2020 - 23:47:4.247Open2172C:\malware.exeC:\webio.dll
21/9/2020 - 23:47:4.247Open2172C:\malware.exeC:\Windows\SysWOW64\webio.dll
21/9/2020 - 23:47:4.247Open2172C:\malware.exeC:\Windows\SysWOW64\webio.dll
21/9/2020 - 23:47:4.247Open2172C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
21/9/2020 - 23:47:4.340Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:4.340Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:4.340Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:4.340Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:4.340Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.356Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.356Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:6.356Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:6.356Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:6.356Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:6.356Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.356Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_C95AFE779A09B6B8C03D47AD8998ACC3
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.387Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
21/9/2020 - 23:47:6.434Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.434Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.434Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.434Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.434Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:6.434Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:6.575Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.575Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.575Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.575Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:6.575Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.278Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.278Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:7.278Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:7.278Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:7.278Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:7.278Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.278Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.434Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.434Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.434Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.434Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.434Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.434Read2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.434Read2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.434Read2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.434Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.481Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.481Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:7.481Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:7.481Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:7.481Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:7.481Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Write2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.481Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
21/9/2020 - 23:47:7.497Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.497Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.497Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.497Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:7.497Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
21/9/2020 - 23:47:8.28Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:8.28Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:8.28Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:8.28Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow
21/9/2020 - 23:47:8.43Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:8.43Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:8.43Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:8.43Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
21/9/2020 - 23:47:8.43Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
21/9/2020 - 23:47:8.106Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:8.106Unknown2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
21/9/2020 - 23:47:8.106Open2172C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS www.biltag.nu.
localhost -> gateway:DNS www.immensum.com.br.
localhost -> gateway:50043 isrg.trustid.ocsp.identrust.com.
localhost -> gateway:DNS isrg.trustid.ocsp.identrust.com.
localhost -> gateway:59829 apps.identrust.com.
localhost -> gateway:49551 crl.identrust.com.
localhost -> gateway:DNS ocsp.int-x3.letsencrypt.org.
localhost -> gateway:54285 dns.msftncsi.com.
localhost -> gateway:DNS apps.identrust.com.
localhost -> gateway:51595 ocsp.int-x3.letsencrypt.org.
localhost -> gateway:DNS crl.identrust.com.
localhost -> gateway:DNS dns.msftncsi.com.
localhost -> gateway:50273 www.immensum.com.br.

Response
gateway:DNS -> localhost www.immensum.com.br. reply 45.71.212.5
gateway:DNS -> localhost dns.msftncsi.com. reply 131.107.255.255
gateway:DNS -> localhost crl.identrust.com. reply 192.35.177.64
gateway:DNS -> localhost isrg.trustid.ocsp.identrust.com. reply 186.192.152.200
gateway:DNS -> localhost apps.identrust.com. reply 192.35.177.64
gateway:DNS -> localhost ocsp.int-x3.letsencrypt.org. reply 186.192.152.218
gateway:DNS -> localhost www.biltag.nu. reply 206.189.121.57


TCP
Info

UDP
Info

HTTP
Info
localhost GET www.biltag.nu /cont/xrd/notify.php
localhost GET ocsp.int-x3.letsencrypt.org /MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgRdlBk8LKPNU6NjdP6IY4icXg%3D%3D
localhost GET apps.identrust.com /roots/dstrootcax3.p7c
localhost GET isrg.trustid.ocsp.identrust.com /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
localhost GET www.immensum.com.br /arq/ROOBtoolz0.zip?3d4f5g6h7j8kxx
localhost GET crl.identrust.com /DSTROOTCAX3CRL.crl

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 70.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.08%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 53.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 93.04%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 92.36%
suspicious: True
