Report #11788

  • Creation Date: Sept. 22, 2020, 5:09 p.m.
  • Last Update: Sept. 22, 2020, 5:13 p.m.
  • File: 78da2.exe
  • Results:
Binary
DLL
False cancel
Size
1.32MB
trid
46.5% Win32 Executable Borland Delphi 7
31.5% Win32 Executable Borland Delphi 5
18.3% Win32 Executable Borland Delphi 6
0.9% Win32 Executable Delphi generic
0.9% Windows screen saver
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
903aae7c6cb1ad71f22ece36e6c6e749
sha1
ff567eb02b1facbbcddcacedebbef10d9370852b
crc32
0x6b60db8c
sha224
c7b50f1695f2b4011dc30230699e6d42e3d73ee714df839daff6ce96
sha256
06e2b92fd1dcfad3fa8f5f66feb90fadf692f4d9e0244381ad1a97e5e1d7a203
sha384
7e4b05323822422584b3323cd240040e607dc939bd13716ed8c2da37f273c9aa60ab76223c5654e9400a31a052e6b295
sha512
1c74116605514255d8167814468937e1a184d278e2e9c2326fd7772e378321fbeb7aee93aaddf29beb833bc2f4610cf4ecc1a32474ae5c395783a3c714f679cd
ssdeep
24576:62Z2ZBpW5ASXQy0C2vn0023Yi3mxtobloFVKcHTU+EJ:6Nugw2vn+3nigEKQTPC
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, Borland, IP, win_private_profile, Borland_Delphi_30_, network_dropper, CRC32_poly_Constant, BASE64_table, Delphi_DecodeDate, RIPEMD160_Constants, borland_delphi, Delphi_FormShow, BobSoftMiniDelphiBoBBobSoft, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, win_files_operation, IsPE32, win_hook, RijnDael_AES_CHAR, contentis_base64, screenshot, Borland_Delphi_v40_v50, keylogger, win_mutex, Borland_Delphi_40_additional, Borland_Delphi_40, Delphi_Random, IsWindowsGUI, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, SHA1_Constants, win_registry, Delphi_CompareCall, RijnDael_AES_LONG, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30

Suspicious
True check_circle

Strings
List
http://www.aura.krakow.pl/wp-content/uploads/2009/08/IMG40/notify.php
the appropriate version of this product at http://www.componentace.com
Web site: http://www.componentace.com
c:\program files (x86)\borland\delphi7\Lib\AdvTBXPVS.pas
t.Ht
Font.Style
Font.Name
Font.Name
Font.Style
Font.Style
Font.Name
Font.Name
Font.Style
Uh.LA
https://rebrand.ly/17a6
IsTriSS52101.AAA
Invalid compressed size, rfs.size = %d, count = %d
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
feel free to contact us at support@componentace.com
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
\Software\Borland\C++Builder
\Software\Borland\Delphi
P.rsrc
SOFTWARE\Borland\Delphi\RTL
Delphi%.8X
Software\Borland\Locales
Software\Borland\Delphi\Locales
\Software\Borland\BDS
comctl32.dll
olepro32.dll
comctl32.dll
comctl32.dll
comctl32.dll
comctl32.dll
version.dll
vcltest3.dll
uxtheme.dll
uxtheme.dll
wininet.dll
SHFolder.dll
RdPS
6.0.2.1
6.0.2.1
Hashed list of file names is invalid
Password for "%s"
""fD**~T
1 1+1=1N1[1a1h1n1s1y1
ControlOfs%.8X%.8X
WndProcPtr%.8X%.8X
Software\Microsoft\Office\12.0\Common
Software\Microsoft\Office\14.0\Common
Software\Microsoft\Office\12.0\Common
Software\Microsoft\Office\14.0\Common
Software\Microsoft\Office\14.0\Common\General
Software\Microsoft\Office\11.0\Common\General
Software\Microsoft\Office\12.0\Common\General
5%5.5A5T5
JumpID("","%s")
5%9A9O9
ImeMode8fD
ImeMode8fD
ImeMode8fD
Cl&ose if found
Delete currently selected item
OnExecute@
Apartment
Sub-menu is not in menu
Cannot compress file '%s'. Zip64 mode is not enabled
Wrap at the end of file
Wrap at the end of file
Wrap at the end of file
Division by zero
AdvDWM
Stage
TaskbarCreated
poDelete
BevelKinddfD
Selected
GdipDeleteFont
Rebuild
GdipDeletePen
BevelEdgesdfD
BevelKinddfD
GdipDeletePath
BorderStyleHfD
GdipDeleteRegion
bsSizeToolWin
BevelKinddfD
BevelEdgesdfD
ToolWin
August September
BevelEdgesdfD
GdiplusShutdown
Unexpected nil pointer
Too many open files
Assertion failed
cbUnchecked cbChecked
dsSelected
Internal error. Update is not started
GdipDeleteBrush

Foremost
Matches
2671.bmp, 1 KB, 2674.bmp, 1 KB, 2678.bmp, 1 KB, 2681.bmp, 1 KB, 2685.bmp, 1 KB, 2688.bmp, 822 B, 2690.bmp, 1 KB, 2694.bmp, 1 KB, 2697.bmp, 1 KB, 2700.bmp, 1 KB, 0.exe, 1 MB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed
Suspicious: 6.0.2.1, 0, Unknown
hasAllowed: False cancel
hasSuspicious: True check_circle

URLs
Allowed
hasURLs: True check_circle
Suspicious: https://rebrand.ly/17a6, http://www.componentace.com, http://www.aura.krakow.pl/wp-content/uploads/2009/08/img40/notify.php
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: http://www.aura.krakow.pl/wp-content/uploads/2009/08/IMG40/notify.php, URLMON.DLL, MAPI32.DLL, wininet.dll, user32.dll, uxtheme.dll, COMCTL32.DLL, ole32.dll, imm32.dll, advapi32.dll, SHFolder.dll, gdi32.dll, gdiplus.dll, DWMAPI.DLL, oleaut32.dll, kernel32.dll, vcltest3.dll, olepro32.dll, shell32.dll, version.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 221696
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 16384
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 2.25
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 1169892
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: urlmon.dll, mapi32.dll, wininet.dll, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, shfolder.dll, gdi32.dll, gdiplus.dll, dwmapi.dll, oleaut32.dll, kernel32.dll, olepro32.dll, shell32.dll, version.dll
hasLibs: True check_circle
Suspicious: vcltest3.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: True check_circle
Valid: True check_circle
Value: 1992-06-19 19:22:17
Future: False cancel

Compilation
Packed: True check_circle
Missing: False cancel
Packers: BobSoft Mini Delphi -> BoB / BobSoft
Compiled: True check_circle
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0, Borland Delphi v6.0 - v7.0
MainPacker: BobSoft Mini Delphi -> BoB / BobSoft

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
none: 133
.rsrc: 38
.idata: 1

pushpopmath
none: 24
.rsrc: 17
.reloc: 44

garbagebytes
none: 127
.rsrc: 7
.idata: 1

hookdetection
none: 2
.reloc: 3

software breakpoint
none: 5
.reloc: 15

programcontrolflowchange
none: 127
.rsrc: 7
.idata: 1

cpuinstructionsresultscomparison
none: 33
.rsrc: 22
.reloc: 2

AVclass
banload
1
VirusTotal
md5
903aae7c6cb1ad71f22ece36e6c6e749
sha1
ff567eb02b1facbbcddcacedebbef10d9370852b
SCANS (DETECTION RATE = 66.18%)
AVG
result: Win32:Banker-NAU [Trj]
update: 20180723
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20180722
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=82)
update: 20180723
version: 2017.11.15.1
detected: True check_circle

Bkav
update: 20180719
version: 1.3.0.9466
detected: False cancel

K7GW
result: Trojan-Downloader ( 00507f771 )
update: 20180723
version: 10.54.27832
detected: True check_circle

ALYac
result: Gen:Variant.Graftor.317088
update: 20180723
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Banker-NAU [Trj]
update: 20180723
version: 18.4.3895.0
detected: True check_circle

Avira
result: HEUR/AGEN.1024171
update: 20180722
version: 8.3.3.6
detected: True check_circle

Baidu
update: 20180717
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/Trojan.DITT-4267
update: 20180722
version: 6.0.0.4
detected: True check_circle

DrWeb
update: 20180722
version: 7.0.33.6080
detected: False cancel

GData
result: Gen:Variant.Graftor.317088
update: 20180722
version: A:25.17855B:25.12788
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20180722
version: 4.6.4.2
detected: True check_circle

VBA32
result: suspected of Trojan.Downloader.gen.h
update: 20180720
version: 3.12.32.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180722
version: 68310
detected: True check_circle

Zoner
update: 20180723
version: 1.0
detected: False cancel

AVware
result: Trojan.Win32.Generic!BT
update: 20180723
version: 1.6.0.52
detected: True check_circle

ClamAV
update: 20180722
version: 0.100.1.0
detected: False cancel

Comodo
update: 20180723
detected: False cancel

F-Prot
update: 20180722
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan-Downloader.Win32.Banload
update: 20180722
version: 0.1.5.2
detected: True check_circle

McAfee
result: Trojan-FLPV!903AAE7C6CB1
update: 20180722
version: 6.0.6.653
detected: True check_circle

Rising
result: Downloader.Banload!8.15B (CLOUD)
update: 20180722
version: 25.0.0.24
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20180722
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.DL.Banload!zyOEMWLrCvQ
update: 20180720
version: 5.5.1.3
detected: True check_circle

Zillya
result: Downloader.Banload.Win32.77369
update: 20180720
version: 2.0.0.3599
detected: True check_circle

Arcabit
result: Trojan.Graftor.D4D6A0
update: 20180723
version: 1.0.0.831
detected: True check_circle

Babable
update: 20180406
version: 9107201
detected: False cancel

Cylance
update: 20180723
version: 2.3.1.101
detected: False cancel

Endgame
result: malicious (high confidence)
update: 20180711
version: 3.0.0
detected: True check_circle

TACHYON
update: 20180722
version: 2018-07-22.02
detected: False cancel

Tencent
result: Win32.Trojan.Dldr.Hprm
update: 20180723
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20180722
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20180723
version: 1.0.0.403
detected: False cancel

eGambit
update: 20180723
detected: False cancel

Ad-Aware
result: Gen:Variant.Graftor.317088
update: 20180723
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Gen.Variant.Graftor!c
update: 20180722
version: 4.2
detected: True check_circle

Emsisoft
result: Gen:Variant.Graftor.317088 (B)
update: 20180722
version: 2018.4.0.1029
detected: True check_circle

F-Secure
result: Gen:Variant.Graftor.317088
update: 20180722
version: 11.0.19100.45
detected: True check_circle

Fortinet
result: W32/Banload.XVM!tr.dldr
update: 20180722
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20180717
version: 6.3.5.26121
detected: True check_circle

Jiangmin
update: 20180723
version: 16.0.100
detected: False cancel

Kingsoft
update: 20180723
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20180723
version: 1.0
detected: True check_circle

Symantec
result: ML.Attribute.HighConfidence
update: 20180722
version: 1.6.0.0
detected: True check_circle

AhnLab-V3
result: Malware/Win32.Generic.C1854666
update: 20180722
version: 3.13.1.21452
detected: True check_circle

Antiy-AVL
result: Trojan/Win32.TSGeneric
update: 20180723
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: UDS:DangerousObject.Multi.Generic
update: 20180722
version: 15.0.1.13
detected: True check_circle

Microsoft
update: 20180722
version: 1.1.15100.1
detected: False cancel

Qihoo-360
result: Win32/Trojan.5dc
update: 20180723
version: 1.0.0.1120
detected: True check_circle

TheHacker
update: 20180722
version: 6.8.0.5.3436
detected: False cancel

ZoneAlarm
result: UDS:DangerousObject.Multi.Generic
update: 20180722
version: 1.0
detected: True check_circle

Cybereason
result: malicious.c6cb1a
update: 20180225
version: 1.2.27
detected: True check_circle

ESET-NOD32
result: a variant of Win32/TrojanDownloader.Banload.XVM
update: 20180723
version: 17758
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0PBF18
update: 20180723
version: 10.0.0.1040
detected: True check_circle

BitDefender
result: Gen:Variant.Graftor.317088
update: 20180723
version: 7.2
detected: True check_circle

CrowdStrike
result: malicious_confidence_100% (W)
update: 20180530
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan-Downloader ( 00507f771 )
update: 20180722
version: 10.54.27832
detected: True check_circle

SentinelOne
update: 20180701
version: 1.0.17.227
detected: False cancel

Avast-Mobile
update: 20180722
version: 180722-04
detected: False cancel

Malwarebytes
update: 20180723
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20180722
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.IGENERIC
update: 20180722
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Banload.emlqje
update: 20180723
version: 1.0.116.23366
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Graftor.317088
update: 20180722
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180722
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Dropper.th
update: 20180722
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R002C0PBF18
update: 20180723
version: 9.950.0.1006
detected: True check_circle

total
68
sha256
06e2b92fd1dcfad3fa8f5f66feb90fadf692f4d9e0244381ad1a97e5e1d7a203
scan_id
06e2b92fd1dcfad3fa8f5f66feb90fadf692f4d9e0244381ad1a97e5e1d7a203-1532305468
resource
903aae7c6cb1ad71f22ece36e6c6e749
positives
45
scan_date
2018-07-23 00:24:28
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
22/9/2020 - 16:46:3.950Open2692C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
22/9/2020 - 16:46:3.950Open2692C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
22/9/2020 - 16:46:3.950Read2692C:\malware.exeC:\malware.exe
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll.Config
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\malware.exe.Local
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 16:46:4.137Unknown2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Windows\WindowsShell.Manifest
22/9/2020 - 16:46:4.137Unknown2692C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Windows\Fonts\sserife.fon
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:4.137Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:4.137Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:4.137Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:4.137Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:4.137Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 16:46:6.184Unknown2692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 16:46:6.184Unknown2692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\Secur32.dll
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\Windows\SysWOW64\secur32.dll
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\Windows\SysWOW64\secur32.dll
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 16:46:6.184Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 16:46:6.184Unknown2692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 16:46:6.184Open2692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 16:46:6.184Unknown2692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\webio.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\webio.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
22/9/2020 - 16:46:6.231Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
22/9/2020 - 16:46:6.231Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
22/9/2020 - 16:46:6.231Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\IPHLPAPI.DLL
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\WINNSI.DLL
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\DNSAPI.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
22/9/2020 - 16:46:6.231Open2692C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
22/9/2020 - 16:46:6.293Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
22/9/2020 - 16:46:6.293Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
22/9/2020 - 16:46:6.387Open2692C:\malware.exeC:\Windows\SysWOW64\netprofm.dll
22/9/2020 - 16:46:6.387Open2692C:\malware.exeC:\Windows\SysWOW64\netprofm.dll
22/9/2020 - 16:46:6.387Open2692C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 16:46:6.387Open2692C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
22/9/2020 - 16:46:6.434Open2692C:\malware.exeC:\dhcpcsvc6.DLL
22/9/2020 - 16:46:6.434Open2692C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
22/9/2020 - 16:46:6.434Unknown2692C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
22/9/2020 - 16:46:6.434Open2692C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
22/9/2020 - 16:46:6.434Unknown2692C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\dhcpcsvc.DLL
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\CRYPTSP.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\RpcRtRemote.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
22/9/2020 - 16:46:6.481Unknown2692C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
22/9/2020 - 16:46:6.481Open2692C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
22/9/2020 - 16:46:6.481Unknown2692C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
22/9/2020 - 16:46:6.543Open2692C:\malware.exeC:\rasadhlp.dll
22/9/2020 - 16:46:6.543Open2692C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
22/9/2020 - 16:46:6.543Open2692C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
22/9/2020 - 16:46:6.590Open2692C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
22/9/2020 - 16:46:6.590Open2692C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
22/9/2020 - 16:46:6.997Open2692C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 16:46:6.997Open2692C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wininet.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\malware.exe.Local
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 16:46:7.75Unknown2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wship6.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 16:46:7.75Open2692C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\credssp.dll
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\Windows\SysWOW64\credssp.dll
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\Windows\SysWOW64\credssp.dll
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\Windows\SysWOW64\schannel.dll
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\Windows\SysWOW64\schannel.dll
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
22/9/2020 - 16:46:7.215Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
22/9/2020 - 16:46:7.215Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
22/9/2020 - 16:46:7.215Open2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
22/9/2020 - 16:46:7.215Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
22/9/2020 - 16:46:7.543Open2692C:\malware.exeC:\ncrypt.dll
22/9/2020 - 16:46:7.543Open2692C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
22/9/2020 - 16:46:7.543Open2692C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
22/9/2020 - 16:46:7.543Open2692C:\malware.exeC:\bcrypt.dll
22/9/2020 - 16:46:7.543Open2692C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
22/9/2020 - 16:46:7.543Open2692C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
22/9/2020 - 16:46:7.543Open2692C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
22/9/2020 - 16:46:7.543Unknown2692C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
22/9/2020 - 16:46:7.543Open2692C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
22/9/2020 - 16:46:7.543Unknown2692C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
22/9/2020 - 16:46:10.668Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.668Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.668Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.668Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.668Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:10.715Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.715Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.715Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.715Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.715Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:10.715Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:10.950Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.950Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.950Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.950Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:10.950Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.106Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.106Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.106Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.106Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.106Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.106Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.106Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.231Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.231Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.231Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.231Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.231Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.231Read2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.231Read2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.231Read2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.231Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.356Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.356Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.356Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.356Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.356Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.356Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.356Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93928BEEFA609053F205E5FDD769FADAE9_87B0E007497F364B73B12596DD699E93
22/9/2020 - 16:46:11.450Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.450Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.450Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.450Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.450Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.793Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.793Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.793Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.793Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.793Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.793Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.793Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.793Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.793Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.809Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.809Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.809Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
22/9/2020 - 16:46:11.809Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.809Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.825Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.825Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.825Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow
22/9/2020 - 16:46:11.825Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.825Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.825Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.825Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
22/9/2020 - 16:46:11.825Open2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Read2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Read2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Read2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Write2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.825Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:11.840Unknown2692C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AA04AA0E1A0CA481158DB3804249026CAA04AA0E1A0CA481158DB3804249026C
22/9/2020 - 16:46:13.918Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:13.918Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:20.965Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:20.965Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:22.981Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:22.981Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo
22/9/2020 - 16:46:26.90Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
22/9/2020 - 16:46:26.90Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
22/9/2020 - 16:46:26.90Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\notify[1].htm
22/9/2020 - 16:46:26.90Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\notify[1].htmnotify[1].htm
22/9/2020 - 16:46:28.106Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\78grupo\IsTriSS52101.AAA
22/9/2020 - 16:46:30.122Open2692C:\malware.exeC:\Users\Behemot\AppData\Local\IsTriSS52101.AAA
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Windows
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Monitor
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
22/9/2020 - 16:46:32.262Unknown2692C:\malware.exeC:\Users\Behemot\AppData\Local\IsTriSS52101.AAAIsTriSS52101.AAA

Process
Trace

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True

DNS
Query
localhost -> gateway:50043 www.aura.krakow.pl.
localhost -> gateway:50273 rebrand.ly.
localhost -> gateway:DNS ocsp.godaddy.com.
localhost -> gateway:59829 crl.godaddy.com.
localhost -> gateway:DNS www.aura.krakow.pl.
localhost -> gateway:DNS rebrand.ly.
localhost -> gateway:DNS crl.godaddy.com.

Response
gateway:DNS -> localhost www.aura.krakow.pl. 193.105.32.185
gateway:DNS -> localhost crl.godaddy.com. 192.124.249.36
gateway:DNS -> localhost rebrand.ly. 3.211.45.36
gateway:DNS -> localhost ocsp.godaddy.com. 192.124.249.22

TCP
Info
192.124.249.23:80 -> localhost:65193
localhost:65195 -> 193.105.32.185:80
3.210.116.167:443 -> localhost:65192
localhost:65192 -> 3.210.116.167:443
localhost:65193 -> 192.124.249.23:80
193.105.32.185:80 -> localhost:65195
192.124.249.31:80 -> localhost:65194
localhost:65194 -> 192.124.249.31:80

UDP
Info
localhost:55394 -> localhost:53
localhost:53 -> localhost:59829
localhost:50273 -> localhost:53
localhost:53 -> localhost:50043
localhost:53 -> localhost:50273
localhost:50044 -> 239.255.255.250:3702
localhost:50043 -> localhost:53
localhost:3702 -> localhost:63797
localhost:53 -> localhost:55394
localhost:59829 -> localhost:53
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67

HTTP
Info
localhost GET crl.godaddy.com /gdig2s1-1960.crl
localhost GET ocsp.godaddy.com //MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D
localhost GET www.aura.krakow.pl /wp-content/uploads/2009/08/IMG40/notify.php
localhost GET ocsp.godaddy.com //MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCG4cr1RWVQ3%2B
localhost GET ocsp.godaddy.com //MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
localhost GET crl.godaddy.com /gdroot-g2.crl

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 72.50%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 67.76%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 55.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 86.16%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.99%
suspicious: True
