Report #5310 check_circle

  • Creation Date: Nov. 21, 2019, 5:42 p.m.
  • Last Update: Nov. 21, 2019, 5:48 p.m.
  • File: 001
  • Results:
Binary
DLL
False cancel
Size
304.75KB
trid
64.5% Win32 Executable MS Visual C++
13.6% Win32 Dynamic Link Library
9.3% Win32 Executable
4.1% OS/2 Executable
4.1% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
c34a5f5fc1152632b9b1f965419386f6
sha1
2d3de2a099d2f88893817e11f5a54348f9dca960
crc32
0xde19cb22
sha224
87a7839b6f29067e9aad352ef40010f2bcc4a001df0a2799a99b0936
sha256
a771a51473ab688e632ba4e6717f3fc7d687e75fa8fb9a263dca1cbe391631e0
sha384
4685247c32133f73e8927025118b336424a6dd09689e94e3f216022e741b18130bdc6b282007e6a0ee5f1f824a0120e5
sha512
a56459956f9e4e82732bcb47b951434a52d7d31b8650c1dc7b3e1f8d944cfa4bb9fc498d3efa3ede9ad3389554312a72b88025fdd8cf4da1973d0b4280755569
ssdeep
3072:6Gy1dMUj1E4X4Lc5tecXsCSKBi+8sGHBN19pg5Npu21gCpvxOlwj3E/1em3EKUlw:651dMmt1cCSKkhfgHpuhIAwjOgIqlOj
Community
Google
True check_circle
HashLib
False cancel
YARA
Matches
domain, anti_dbg, HasRichSignature, contentis_base64, IsPacked, HasOverlay, win_files_operation, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Strings
List
MSIMG32.dll
fr-ca
fr-be
fr-ch
no space on device
no such process
resource deadlock would occur
no such device or address
operation in progress
no such device
device or resource busy
value too large
too many links
too many files open in system
file too large
too many files open
operation canceled
operation not permitted
sojevilohamocugorozota.txt
mscoree.dll
network_down
network_reset
host_unreachable
permission_denied
not_a_socket
- abort() has been called
IsProcessorFeaturePresent
GetProcAddress
ExitProcess
operation_would_block
identifier removed
operation would block
IsDebuggerPresent
executable format error
TerminateProcess
too many symbolic link levels
VirtualAlloc
permission denied
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceCounter
WriteFile
CreateFileW
LoadLibraryW
LC_CTYPE
ReadFile
host unreachable
LC_COLLATE
LC_NUMERIC
LC_MONETARY
network reset
network down
broken pipe
LC_TIME
not a socket
Sleep
system
network_unreachable
GetCPInfo
fr-LU
fr-CA
fr-CH
GetProcessHeap
1"1(10151;1C1H1N1V1[1a1i1n1t1|1
30373<3@3D3e3
network unreachable
2-2B2L2e2o2|2
.?AVbad_cast@std@@
--- cccRRRHTTyyyuuu
2e$2e$2e$2e$2e$MP
WINSPOOL.DRV
2e$2e$MP
--- cccRRRHHTyyy[[[;;;;;;
3 3$3034383@3D3H3L3P3
wrong_protocol_type
no_protocol_option
1(10181@1D1H1P1d1l1t1|1
protocol_not_supported
L2P2T2X2\2`2d2h2l2p2t2x2|2
_nextafter
="=:=@=I=O=Y=d=
.?AV?$_Iosb@H@std@@
3 3,383D3P3\3h3t3
\#,S)*hu
operation_in_progress
no_buffer_space
__vectorcall
.?AVios_base@std@@
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
L0@1D1H1L1P1T1X1\1`1d1h1
destination_address_required
invalid_argument
`1d1h1l1p1t1x1|1
bad_address
pr-china
timed_out
.?AVfacet@locale@std@@
filename_too_long

Foremost
Matches
0.exe, 304 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: mscoree.dll, USER32.DLL, kernel32.dll, MSIMG32.dll
hasFiles: True check_circle
Suspicious: sojevilohamocugorozota.txt
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 191488
Suspicious: False cancel
Image
Address: 67108864
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 366213
Suspicous: False cancel

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 5
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 5
Linker
Version: 12.0
Suspicious: False cancel
Subsystem
Version: 5.1
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 39175
Suspicious: False cancel

Anomalies
Anomalies
hasAnomalies: False cancel

Libraries
Allowed: mscoree.dll, user32.dll, kernel32.dll, msimg32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2018-07-03 02:31:59
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
False cancel
Tricks
AVclass
cutwail
1
VirusTotal
md5
c34a5f5fc1152632b9b1f965419386f6
sha1
2d3de2a099d2f88893817e11f5a54348f9dca960
SCANS (DETECTION RATE = 83.10%)
AVG
result: Win32:Malware-gen
update: 20191020
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=95)
update: 20191020
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20191019
version: 5.75
detected: True check_circle

Bkav
result: W32.RaipescoLTAAY.Trojan
update: 20191018
version: 1.3.0.10239
detected: True check_circle

K7GW
result: Adware ( 00539ed31 )
update: 20191010
version: 11.72.32236
detected: True check_circle

ALYac
result: Trojan.GenericKD.31041385
update: 20191020
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:Malware-gen
update: 20191020
version: 18.4.3895.0
detected: True check_circle

Avira
result: HEUR/AGEN.1031358
update: 20191020
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
update: 20191020
version: 6.2.2.2
detected: False cancel

DrWeb
result: Trojan.DownLoad.64914
update: 20191020
version: 7.0.41.7240
detected: True check_circle

GData
result: Trojan.GenericKD.31041385
update: 20191020
version: A:25.23726B:26.16353
detected: True check_circle

Panda
result: Trj/CI.A
update: 20191019
version: 4.6.4.2
detected: True check_circle

VBA32
result: BScope.TrojanRansom.GandCrypt
update: 20191018
version: 4.2.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20191020
version: 78714
detected: True check_circle

Zoner
result: Trojan.Win32.64498
update: 20191020
version: 1.0.0.1
detected: True check_circle

ClamAV
result: Win.Packer.Crypter-6614720-1
update: 20191019
version: 0.102.0.0
detected: True check_circle

Comodo
result: TrojWare.Win32.Ransom.GandCrypt.AO@7x3o3y
update: 20191020
version: 31624
detected: True check_circle

F-Prot
update: 20191020
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan-Ransom.GandCrab
update: 20191019
version: 0.1.5.2
detected: True check_circle

McAfee
result: GenericRXGB-CH!C34A5F5FC115
update: 20191020
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Kryptik!8.8 (TFE:5:hdtlEgA0CPF)
update: 20191020
version: 25.0.0.24
detected: True check_circle

Sophos
result: Mal/GandCrab-B
update: 20191020
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Cutwail!CFwj6oDc+qo
update: 20191018
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.GenericKD.Win32.132064
update: 20191018
version: 2.0.0.3929
detected: True check_circle

Acronis
result: suspicious
update: 20191018
version: 1.1.1.58
detected: True check_circle

Alibaba
result: Trojan:Win32/Kryptik.d74e5014
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D1D9A769
update: 20191020
version: 1.0.0.859
detected: True check_circle

Cylance
result: Unsafe
update: 20191020
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190918
version: 3.0.15
detected: True check_circle

FireEye
result: Generic.mg.c34a5f5fc1152632
update: 20191020
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20191020
version: 2019-10-20.01
detected: False cancel

Tencent
update: 20191020
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20191019
version: 2014.3.20.0
detected: False cancel

Webroot
result: W32.Malware.Gen
update: 20191020
version: 1.0.0.403
detected: True check_circle

eGambit
update: 20191020
version: v5.0.6
detected: False cancel

Ad-Aware
result: Trojan.GenericKD.31041385
update: 20191020
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.Win32.Generic.4!c
update: 20191020
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.31041385 (B)
update: 20191020
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Heuristic.HEUR/AGEN.1031358
update: 20191020
version: 12.0.86.52
detected: True check_circle

Fortinet
result: W32/GenKryptik.CNAR!tr
update: 20191020
version: 5.4.247.0
detected: True check_circle

Invincea
result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True check_circle

Jiangmin
result: Trojan.Cutwail.gm
update: 20191020
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20191020
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20191020
version: 1.0
detected: True check_circle

Symantec
result: Packed.Generic.525
update: 20191019
version: 1.11.0.0
detected: True check_circle

Trapmine
result: malicious.high.ml.score
update: 20190826
version: 3.1.81.800
detected: True check_circle

AhnLab-V3
result: Win-Trojan/MalPe34.Suspicious
update: 20191019
version: 3.16.3.25410
detected: True check_circle

Antiy-AVL
result: Trojan[Banker]/Win32.NeutrinoPOS
update: 20191020
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20191020
version: 15.0.1.13
detected: True check_circle

MaxSecure
result: Ransomeware.GandCrypt.JZ
update: 20191019
version: 1.0.0.1
detected: True check_circle

Microsoft
result: TrojanDropper:Win32/Cutwail
update: 20191020
version: 1.1.16500.1
detected: True check_circle

Qihoo-360
result: HEUR/QVM10.2.4755.Malware.Gen
update: 20191020
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20191020
version: 1.0
detected: True check_circle

Cybereason
result: malicious.fc1152
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of Win32/Kryptik.GIKZ
update: 20191020
version: 20209
detected: True check_circle

TrendMicro
result: Ransom_GANDCRAB.SMALY-3
update: 20191020
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.GenericKD.31041385
update: 20191020
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Adware ( 00539ed31 )
update: 20191020
version: 11.73.32320
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True check_circle

Avast-Mobile
update: 20191012
version: 191012-04
detected: False cancel

Malwarebytes
result: Trojan.MalPack
update: 20191020
version: 2.1.1.1115
detected: True check_circle

TotalDefense
update: 20191020
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
result: Trojan.Chapak.ZZ6
update: 20191019
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.Cutwail.fewzhb
update: 20191020
version: 1.0.134.24859
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.31041385
update: 20191020
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20191019
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.fc
update: 20191019
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: Ransom_GANDCRAB.SMALY-3
update: 20191020
version: 10.0.0.1040
detected: True check_circle

total
71
sha256
a771a51473ab688e632ba4e6717f3fc7d687e75fa8fb9a263dca1cbe391631e0
scan_id
a771a51473ab688e632ba4e6717f3fc7d687e75fa8fb9a263dca1cbe391631e0-1571543442
resource
c34a5f5fc1152632b9b1f965419386f6
positives
59
scan_date
2019-10-20 03:50:42
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows\AppPatch\AppPatch64\sysmain.sdb
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows
21/11/2019 - 16:45:43.434Unknown1480C:\malware.exeC:\Windows
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows\splwow64.exe
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\
21/11/2019 - 16:45:43.434Unknown1480C:\malware.exeC:\
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows
21/11/2019 - 16:45:43.434Unknown1480C:\malware.exeC:\Windows
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows\splwow64.exe
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows\splwow64.exe
21/11/2019 - 16:45:43.434Open1480C:\malware.exeC:\Windows\splwow64.exe
21/11/2019 - 16:45:43.481Open2076C:\Windows\splwow64.exeC:\Windows\Prefetch\SPLWOW64.EXE-297C4568.pf
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\sechost.dll
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\sechost.dll
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\WINSPOOL.DRV
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\winspool.drv
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\winspool.drv
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\imm32.dll
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\imm32.dll
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\imm32.dll
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\imm32.dll
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\imm32.dll
21/11/2019 - 16:45:43.559Open2076C:\Windows\splwow64.exeC:\Windows\System32\imm32.dll
21/11/2019 - 16:45:43.668Open2076C:\Windows\splwow64.exeC:\Windows\RpcRtRemote.dll
21/11/2019 - 16:45:43.668Open2076C:\Windows\splwow64.exeC:\Windows\System32\RpcRtRemote.dll
21/11/2019 - 16:45:43.668Unknown2076C:\Windows\splwow64.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
21/11/2019 - 16:45:43.668Open2076C:\Windows\splwow64.exeC:\Windows\System32\RpcRtRemote.dll
21/11/2019 - 16:45:43.668Unknown2076C:\Windows\splwow64.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\secur32.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\System32\secur32.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\System32\secur32.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\SSPICLI.DLL
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\System32\sspicli.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\System32\sspicli.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\cryptsp.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\System32\cryptsp.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\System32\cryptsp.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\credssp.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\System32\credssp.dll
21/11/2019 - 16:45:43.715Open2076C:\Windows\splwow64.exeC:\Windows\System32\credssp.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\IPHLPAPI.DLL
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\WINNSI.DLL
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\version.DLL
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\msvcr100.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\msvcr100.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\system\msvcr100.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\msvcr100.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Monitor\msvcr100.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\msvcr100.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\msvcr100.dll
21/11/2019 - 16:45:44.356Open1480C:\malware.exeC:\Windows\SysWOW64\wbem\msvcr100.dll
21/11/2019 - 16:45:44.418Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\msvcr100.dll
21/11/2019 - 16:45:44.418Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
21/11/2019 - 16:45:44.418Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
21/11/2019 - 16:45:44.418Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
21/11/2019 - 16:45:44.418Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:44.465Read1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\CRYPTSP.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
21/11/2019 - 16:45:44.465Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:44.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:44.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:44.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:44.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:44.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:44.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:44.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:44.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:44.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:44.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:44.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:44.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:44.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:44.543Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c883369258f3eede52e0da11e02ceddd7_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.559Open1480C:\malware.exeC:\
21/11/2019 - 16:45:50.559Unknown1480C:\malware.exeC:\
21/11/2019 - 16:45:50.559Open1480C:\malware.exeC:\dhcpcsvc.DLL
21/11/2019 - 16:45:50.559Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
21/11/2019 - 16:45:50.559Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.606Read1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.606Read1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exe
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exe
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.622Write1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Write1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.622Write1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Write1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.622Write1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\malware.exe
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exe
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\gaszilanfofg.exegaszilanfofg.exe
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.684Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.684Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Secur32.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/11/2019 - 16:45:50.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/11/2019 - 16:45:50.684Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/11/2019 - 16:45:50.684Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
21/11/2019 - 16:45:50.684Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.731Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.731Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
21/11/2019 - 16:45:50.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
21/11/2019 - 16:45:50.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.793Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.793Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/11/2019 - 16:45:50.793Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
21/11/2019 - 16:45:50.793Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\DNSAPI.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
21/11/2019 - 16:45:50.793Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.856Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.856Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/11/2019 - 16:45:50.856Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.903Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.903Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Windows\SysWOW64\netprofm.dll
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Windows\SysWOW64\netprofm.dll
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\rasadhlp.dll
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
21/11/2019 - 16:45:50.903Open1480C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\dhcpcsvc6.DLL
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
21/11/2019 - 16:45:50.950Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
21/11/2019 - 16:45:50.950Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
21/11/2019 - 16:45:50.950Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.997Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.997Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\RpcRtRemote.dll
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/11/2019 - 16:45:50.997Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/11/2019 - 16:45:50.997Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/11/2019 - 16:45:50.997Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.90Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.90Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
21/11/2019 - 16:45:51.90Open1480C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.137Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.137Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
21/11/2019 - 16:45:51.137Open1480C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\malware.exe.Local
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/11/2019 - 16:45:51.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
21/11/2019 - 16:45:51.278Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
21/11/2019 - 16:45:51.278Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
21/11/2019 - 16:45:51.293Open1480C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:51.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\bcrypt.dll
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
21/11/2019 - 16:45:51.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
21/11/2019 - 16:45:51.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\XGO5GE8W.txt
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\XGO5GE8W.txt
21/11/2019 - 16:45:51.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\XGO5GE8W.txt
21/11/2019 - 16:45:51.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\XGO5GE8W.txt
21/11/2019 - 16:45:51.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\XGO5GE8W.txt
21/11/2019 - 16:45:51.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\XGO5GE8W.txt
21/11/2019 - 16:45:51.372Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\XGO5GE8W.txt
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.387Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.387Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:51.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:51.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.168Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:52.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.168Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.309Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
21/11/2019 - 16:45:52.309Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
21/11/2019 - 16:45:52.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:52.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:52.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NBAGX86X.txt
21/11/2019 - 16:45:52.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NBAGX86X.txt
21/11/2019 - 16:45:52.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NBAGX86X.txt
21/11/2019 - 16:45:52.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NBAGX86X.txt
21/11/2019 - 16:45:52.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NBAGX86X.txt
21/11/2019 - 16:45:52.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NBAGX86X.txt
21/11/2019 - 16:45:52.512Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NBAGX86X.txt
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:52.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:52.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.950Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:52.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:53.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:53.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RYXZ81TO.txt
21/11/2019 - 16:45:53.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RYXZ81TO.txt
21/11/2019 - 16:45:53.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RYXZ81TO.txt
21/11/2019 - 16:45:53.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RYXZ81TO.txt
21/11/2019 - 16:45:53.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RYXZ81TO.txt
21/11/2019 - 16:45:53.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RYXZ81TO.txt
21/11/2019 - 16:45:53.215Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\RYXZ81TO.txt
21/11/2019 - 16:45:53.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.325Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.325Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.356Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.356Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.684Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.684Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.793Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.793Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.793Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.793Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.934Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:53.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.934Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:53.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.12Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:54.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.12Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.372Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:54.372Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.372Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.465Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:54.465Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.465Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.559Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:54.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.559Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:54.559Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.309Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.325Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.450Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.450Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.747Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.747Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.747Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.747Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.747Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.856Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.856Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.856Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.856Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.965Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.965Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.997Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:55.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.997Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:55.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.200Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.200Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.418Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.418Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.559Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.559Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.559Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.559Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.622Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.622Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.622Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.668Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.668Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.840Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SAOH9S63.txt
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SAOH9S63.txt
21/11/2019 - 16:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SAOH9S63.txt
21/11/2019 - 16:45:56.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SAOH9S63.txt
21/11/2019 - 16:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SAOH9S63.txt
21/11/2019 - 16:45:56.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SAOH9S63.txt
21/11/2019 - 16:45:56.840Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\SAOH9S63.txt
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.106Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.106Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.293Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.293Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.715Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.715Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:57.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:57.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Q43KMGIA.txt
21/11/2019 - 16:45:57.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Q43KMGIA.txt
21/11/2019 - 16:45:57.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Q43KMGIA.txt
21/11/2019 - 16:45:57.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Q43KMGIA.txt
21/11/2019 - 16:45:57.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Q43KMGIA.txt
21/11/2019 - 16:45:57.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Q43KMGIA.txt
21/11/2019 - 16:45:57.950Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Q43KMGIA.txt
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:57.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MD50DKDJ.txt
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MD50DKDJ.txt
21/11/2019 - 16:45:57.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MD50DKDJ.txt
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MD50DKDJ.txt
21/11/2019 - 16:45:57.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MD50DKDJ.txt
21/11/2019 - 16:45:57.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MD50DKDJ.txt
21/11/2019 - 16:45:57.981Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\MD50DKDJ.txt
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.981Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:57.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.981Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:57.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.122Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:58.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.122Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.168Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:58.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.168Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.262Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:58.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.262Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.637Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:58.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.637Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:58.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:58.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:58.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TTJUBVXU.txt
21/11/2019 - 16:45:58.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TTJUBVXU.txt
21/11/2019 - 16:45:58.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TTJUBVXU.txt
21/11/2019 - 16:45:58.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TTJUBVXU.txt
21/11/2019 - 16:45:58.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TTJUBVXU.txt
21/11/2019 - 16:45:58.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TTJUBVXU.txt
21/11/2019 - 16:45:58.840Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\TTJUBVXU.txt
21/11/2019 - 16:45:58.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:58.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\57TUD9J0.txt
21/11/2019 - 16:45:58.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:45:58.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:58.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\NDU3G154.txt
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.43Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.90Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.90Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.293Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.293Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.325Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.325Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.340Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.340Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.340Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.340Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.340Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.340Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.340Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.512Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.512Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.606Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.606Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.762Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:45:59.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.762Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:45:59.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.200Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:0.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.200Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.293Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:0.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.293Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.684Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:0.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.684Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.872Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:0.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.887Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:0.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:1.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:1.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:1.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:1.90Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.90Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:1.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:1.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:1.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:1.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.106Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.184Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:1.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.184Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:1.293Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
21/11/2019 - 16:46:1.293Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
21/11/2019 - 16:46:1.293Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 16:46:1.512Unknown1480C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\
21/11/2019 - 16:46:1.512Unknown1480C:\malware.exeC:\
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\Windows
21/11/2019 - 16:46:1.512Unknown1480C:\malware.exeC:\Windows
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 16:46:1.512Unknown1480C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 16:46:1.512Unknown1480C:\malware.exeC:\Windows\SysWOW64
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
21/11/2019 - 16:46:1.512Read1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
21/11/2019 - 16:46:1.512Read1480C:\malware.exeC:\Windows\SysWOW64\svchost.exe
21/11/2019 - 16:46:1.512Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows\Prefetch\SVCHOST.EXE-78C2CCDD.pf
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\wow64.dll
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\wow64.dll
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\wow64win.dll
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\wow64win.dll
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\wow64cpu.dll
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\wow64cpu.dll
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows\System32\wow64log.dll
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Windows
21/11/2019 - 16:46:1.590Unknown1096C:\Windows\SysWOW64\svchost.exeC:\Windows
21/11/2019 - 16:46:1.590Open1096C:\Windows\SysWOW64\svchost.exeC:\Monitor
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.387Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.387Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.528Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:2.528Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.528Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:2.528Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.225Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:3.225Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:3.225Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:3.225Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:3.225Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.226Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.226Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.227Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:3.227Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:3.227Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:3.227Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:3.227Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.228Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.228Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.297Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:3.297Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:3.297Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\C1N25WYS.txt
21/11/2019 - 16:46:3.298Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\C1N25WYS.txt
21/11/2019 - 16:46:3.298Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\C1N25WYS.txt
21/11/2019 - 16:46:3.299Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\C1N25WYS.txt
21/11/2019 - 16:46:3.299Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\C1N25WYS.txt
21/11/2019 - 16:46:3.299Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\C1N25WYS.txt
21/11/2019 - 16:46:3.299Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\C1N25WYS.txt
21/11/2019 - 16:46:3.323Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:3.323Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:3.323Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:3.323Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:3.324Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.324Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.324Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:3.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:3.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:3.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:3.325Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.325Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:3.326Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:4.218Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:4.218Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:4.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:4.218Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:4.218Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:5.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:5.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:5.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:5.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.375Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:5.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:5.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:5.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:5.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.390Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.390Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.718Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:5.718Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:5.718Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M5F83CO8.txt
21/11/2019 - 16:46:5.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M5F83CO8.txt
21/11/2019 - 16:46:5.734Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M5F83CO8.txt
21/11/2019 - 16:46:5.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M5F83CO8.txt
21/11/2019 - 16:46:5.734Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M5F83CO8.txt
21/11/2019 - 16:46:5.734Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M5F83CO8.txt
21/11/2019 - 16:46:5.734Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\M5F83CO8.txt
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.968Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:5.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.968Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:5.968Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.359Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.359Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:6.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.359Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.359Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.406Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:6.406Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:6.406Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3SCKSDPQ.txt
21/11/2019 - 16:46:6.406Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3SCKSDPQ.txt
21/11/2019 - 16:46:6.406Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3SCKSDPQ.txt
21/11/2019 - 16:46:6.406Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3SCKSDPQ.txt
21/11/2019 - 16:46:6.421Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3SCKSDPQ.txt
21/11/2019 - 16:46:6.421Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3SCKSDPQ.txt
21/11/2019 - 16:46:6.421Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\3SCKSDPQ.txt
21/11/2019 - 16:46:6.453Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:6.453Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:6.453Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.453Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.453Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.453Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.453Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.453Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.453Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.453Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.453Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\WAJM1BN5.txt
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.859Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.859Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:6.859Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.859Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.859Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.937Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.937Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:6.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.937Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:6.953Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.343Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:8.343Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:8.343Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UNIY9AK8.txt
21/11/2019 - 16:46:8.343Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UNIY9AK8.txt
21/11/2019 - 16:46:8.343Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UNIY9AK8.txt
21/11/2019 - 16:46:8.343Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UNIY9AK8.txt
21/11/2019 - 16:46:8.343Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UNIY9AK8.txt
21/11/2019 - 16:46:8.343Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UNIY9AK8.txt
21/11/2019 - 16:46:8.343Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UNIY9AK8.txt
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.390Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:8.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.390Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.390Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.812Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:8.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.812Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:8.812Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:9.250Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:9.250Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:9.250Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:9.250Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:9.250Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:10.78Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:10.78Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:10.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:10.78Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:10.78Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:12.562Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:12.562Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:12.562Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:12.562Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:14.875Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:14.875Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:14.875Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:14.875Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:16.78Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:16.78Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:16.78Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:16.78Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:16.78Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:17.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:17.375Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:17.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QIVETVS.txt
21/11/2019 - 16:46:17.375Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QIVETVS.txt
21/11/2019 - 16:46:17.375Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QIVETVS.txt
21/11/2019 - 16:46:17.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QIVETVS.txt
21/11/2019 - 16:46:17.390Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QIVETVS.txt
21/11/2019 - 16:46:17.390Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QIVETVS.txt
21/11/2019 - 16:46:17.390Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QIVETVS.txt
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:17.421Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:17.421Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:17.421Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:17.421Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:18.921Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:18.921Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:18.921Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:18.921Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.265Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.265Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:20.265Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.265Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.265Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.390Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.390Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:20.390Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.390Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.390Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.593Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:20.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.593Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.593Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.765Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.765Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:20.765Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.765Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:20.765Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:21.812Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:21.812Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:21.812Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:21.812Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:21.812Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:21.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:21.937Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:21.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\FC0ZIIQV.txt
21/11/2019 - 16:46:21.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\FC0ZIIQV.txt
21/11/2019 - 16:46:21.937Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\FC0ZIIQV.txt
21/11/2019 - 16:46:21.937Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\FC0ZIIQV.txt
21/11/2019 - 16:46:21.937Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\FC0ZIIQV.txt
21/11/2019 - 16:46:21.937Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\FC0ZIIQV.txt
21/11/2019 - 16:46:21.937Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\FC0ZIIQV.txt
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.31Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.31Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:22.31Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.31Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.31Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.140Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:22.140Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:22.140Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\92DJANY6.txt
21/11/2019 - 16:46:22.140Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\92DJANY6.txt
21/11/2019 - 16:46:22.140Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\92DJANY6.txt
21/11/2019 - 16:46:22.140Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\92DJANY6.txt
21/11/2019 - 16:46:22.140Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\92DJANY6.txt
21/11/2019 - 16:46:22.140Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\92DJANY6.txt
21/11/2019 - 16:46:22.140Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\92DJANY6.txt
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.203Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.203Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:22.203Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.203Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.203Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.359Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.359Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:22.359Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.359Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.359Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.593Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:22.593Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.593Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:22.593Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.187Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:23.187Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:46:23.187Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GD9QWAK6.txt
21/11/2019 - 16:46:23.187Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GD9QWAK6.txt
21/11/2019 - 16:46:23.187Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GD9QWAK6.txt
21/11/2019 - 16:46:23.187Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GD9QWAK6.txt
21/11/2019 - 16:46:23.187Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GD9QWAK6.txt
21/11/2019 - 16:46:23.187Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GD9QWAK6.txt
21/11/2019 - 16:46:23.187Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\GD9QWAK6.txt
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.218Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.218Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:23.218Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.218Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.218Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.312Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.312Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:46:23.312Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.312Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:46:23.312Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:2.93Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:2.93Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:2.93Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:2.93Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:3.609Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:47:3.625Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:47:3.625Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\83VHWUAX.txt
21/11/2019 - 16:47:3.625Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\83VHWUAX.txt
21/11/2019 - 16:47:3.625Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\83VHWUAX.txt
21/11/2019 - 16:47:3.625Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\83VHWUAX.txt
21/11/2019 - 16:47:3.625Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\83VHWUAX.txt
21/11/2019 - 16:47:3.625Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\83VHWUAX.txt
21/11/2019 - 16:47:3.625Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\83VHWUAX.txt
21/11/2019 - 16:47:3.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:3.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:3.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:3.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:3.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:3.734Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:3.734Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:3.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:3.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:3.734Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:3.750Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:3.750Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:3.750Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:3.750Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:26.281Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:26.281Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:26.281Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:26.281Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:27.46Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:27.46Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:27.46Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:27.46Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:27.46Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:27.906Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:47:27.906Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:47:27.906Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\B82S36VF.txt
21/11/2019 - 16:47:27.906Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\B82S36VF.txt
21/11/2019 - 16:47:27.906Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\B82S36VF.txt
21/11/2019 - 16:47:27.906Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\B82S36VF.txt
21/11/2019 - 16:47:27.906Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\B82S36VF.txt
21/11/2019 - 16:47:27.906Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\B82S36VF.txt
21/11/2019 - 16:47:27.906Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\B82S36VF.txt
21/11/2019 - 16:47:27.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:47:27.968Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/11/2019 - 16:47:27.968Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QMTN3LZ.txt
21/11/2019 - 16:47:27.984Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QMTN3LZ.txt
21/11/2019 - 16:47:27.984Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QMTN3LZ.txt
21/11/2019 - 16:47:27.984Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QMTN3LZ.txt
21/11/2019 - 16:47:27.984Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QMTN3LZ.txt
21/11/2019 - 16:47:27.984Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QMTN3LZ.txt
21/11/2019 - 16:47:27.984Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\7QMTN3LZ.txt
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:28.15Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:28.15Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:28.15Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:28.15Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:30.484Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:30.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:30.484Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:30.484Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:31.484Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
21/11/2019 - 16:47:31.484Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:31.484Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c
21/11/2019 - 16:47:31.484Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\c5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628cc5d8393293ce2ba62f117b2c2d55bc3e_fa25e266-6d0f-4de2-813a-bf4374e0628c

Process
Trace
21/11/2019 - 16:45:43.434Create1480C:\malware.exe2076C:\Windows\splwow64.exe
21/11/2019 - 16:46:1.512Create1480C:\malware.exe1096C:\Windows\SysWOW64\svchost.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
21/11/2019 - 16:45:50.622Write1480C:\malware.exeHKCU\Software\GfadmxkxgoonmWafcokgewe
21/11/2019 - 16:45:50.622Write1480C:\malware.exeHKCU\Software\GfadmxkxgoonmgaszilanfofgJokunxyoger
21/11/2019 - 16:45:50.684Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:45:50.731Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ContentCachePrefix
21/11/2019 - 16:45:50.731Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\CookiesCachePrefix
21/11/2019 - 16:45:50.731Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\HistoryCachePrefix
21/11/2019 - 16:45:50.793Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnable
21/11/2019 - 16:45:50.793Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyServer
21/11/2019 - 16:45:50.793Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyOverride
21/11/2019 - 16:45:50.793Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoConfigURL
21/11/2019 - 16:45:50.793Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoDetect
21/11/2019 - 16:45:50.793Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectionsSavedLegacySettings
21/11/2019 - 16:45:50.809Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
21/11/2019 - 16:45:50.809Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
21/11/2019 - 16:45:50.809Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
21/11/2019 - 16:45:50.809Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
21/11/2019 - 16:45:50.809Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
21/11/2019 - 16:45:50.809Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
21/11/2019 - 16:45:50.809Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
21/11/2019 - 16:45:50.809Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
21/11/2019 - 16:45:51.90Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:51.90Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:51.90Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:51.90Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:51.481Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:51.481Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:51.481Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:51.481Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:51.997Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:51.997Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:51.997Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:51.997Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.309Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.309Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.309Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.309Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecision
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadNetworkName
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecision
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadNetworkName
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecision
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadNetworkName
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.512Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.512Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionReason
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionTime
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecision
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadNetworkName
21/11/2019 - 16:45:52.606Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.606Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
21/11/2019 - 16:45:52.606Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
21/11/2019 - 16:45:52.606Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
21/11/2019 - 16:45:55.700Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:0.747Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:5.765Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:10.781Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:15.796Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:20.812Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:25.812Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:30.843Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:35.859Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:40.875Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:45.875Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:50.875Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:46:55.875Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:0.875Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:5.906Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:10.906Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:15.906Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:20.937Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:25.953Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:30.984Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:35.984Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:40.984Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:46.0Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:51.0Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:47:56.31Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:1.31Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:6.46Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:11.62Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:16.62Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:21.78Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:26.93Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:31.93Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:36.109Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:41.109Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:46.125Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:51.140Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:48:56.140Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:1.156Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:6.156Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:11.171Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:16.171Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:21.187Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:26.187Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:31.203Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:36.218Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg
21/11/2019 - 16:49:41.234Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Rungaszilanfofg

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: True check_circle

Browsers
Identified: False cancel

Internet
Identified: True check_circle

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:58036 code www.mobilnic.net.
computer localhost arrow_forward computer gateway:63209 code www.tvtools.fi.
computer localhost arrow_forward computer gateway:56298 code www.photo4b.com.
computer localhost arrow_forward computer gateway:DNS code www.edimart.hu.
computer localhost arrow_forward computer gateway:DNS code www.waldi.pl.
computer localhost arrow_forward computer gateway:DNS code www.aevga.com.
computer localhost arrow_forward computer gateway:DNS code www.jroy.net.
computer localhost arrow_forward computer gateway:DNS code www.fe-bauer.de.
computer localhost arrow_forward computer gateway:51874 code www.wkhk.net.
computer localhost arrow_forward computer gateway:DNS code www.fcwcvt.org.
computer localhost arrow_forward computer gateway:DNS code www.crcsi.org.
computer localhost arrow_forward computer gateway:55934 code www.credo.edu.pl.
computer localhost arrow_forward computer gateway:56122 code www.vitaindu.com.
computer localhost arrow_forward computer gateway:DNS code www.baijaku.com.
computer localhost arrow_forward computer gateway:DNS code www.medisa.info.
computer localhost arrow_forward computer gateway:60061 code www.hummer.hu.
computer localhost arrow_forward computer gateway:49842 code www.iamdirt.com.
computer localhost arrow_forward computer gateway:DNS code www.wifi4all.nl.
computer localhost arrow_forward computer gateway:61778 code www.ora-ito.com.
computer localhost arrow_forward computer gateway:49222 code www.xaicom.es.
computer localhost arrow_forward computer gateway:DNS code www.udesign.biz.
computer localhost arrow_forward computer gateway:61017 code www.stnic.co.uk.
computer localhost arrow_forward computer gateway:58884 code www.olras.com.
computer localhost arrow_forward computer gateway:65236 code www.nelipak.nl.
computer localhost arrow_forward computer gateway:DNS code www.dgmna.com.
computer localhost arrow_forward computer gateway:DNS code www.snugpak.com.
computer localhost arrow_forward computer gateway:58555 code www.cel-cpa.com.
computer localhost arrow_forward computer gateway:50273 code www.item-pr.com.
computer localhost arrow_forward computer gateway:54273 code www.koz1.net.
computer localhost arrow_forward computer gateway:DNS code www.quadlock.com.
computer localhost arrow_forward computer gateway:59735 code www.yumgiskor.kz.
computer localhost arrow_forward computer gateway:52528 code www.transsib.com.
computer localhost arrow_forward computer gateway:DNS code www.ka-mo-me.com.
computer localhost arrow_forward computer gateway:59459 code www.fnsds.org.
computer localhost arrow_forward computer gateway:DNS code www.mobilnic.net.
computer localhost arrow_forward computer gateway:65273 code www.speelhal.net.
computer localhost arrow_forward computer gateway:51267 code www.vexcom.com.
computer localhost arrow_forward computer gateway:60979 code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:55268 code www.ftchat.com.
computer localhost arrow_forward computer gateway:55619 code www.c9dd.com.
computer localhost arrow_forward computer gateway:DNS code www.jchysk.com.
computer localhost arrow_forward computer gateway:59599 code www.sjbs.org.
computer localhost arrow_forward computer gateway:49471 code www.cokocoko.com.
computer localhost arrow_forward computer gateway:DNS code www.tyrns.com.
computer localhost arrow_forward computer gateway:DNS code www.naoi-a.com.
computer localhost arrow_forward computer gateway:DNS code www.ora.ecnet.jp.
computer localhost arrow_forward computer gateway:59383 code www.evcpa.com.
computer localhost arrow_forward computer gateway:55729 code www.railbook.net.
computer localhost arrow_forward computer gateway:DNS code www.valdal.com.
computer localhost arrow_forward computer gateway:DNS code www.cokocoko.com.
computer localhost arrow_forward computer gateway:DNS code www.dayvo.com.
computer localhost arrow_forward computer gateway:DNS code www.synetik.net.
computer localhost arrow_forward computer gateway:63064 code www.t-tre.com.
computer localhost arrow_forward computer gateway:51967 code www.yoruksut.com.
computer localhost arrow_forward computer gateway:50508 code www.ka-mo-me.com.
computer localhost arrow_forward computer gateway:DNS code www.petsfan.com.
computer localhost arrow_forward computer gateway:DNS code www.nunomira.com.
computer localhost arrow_forward computer gateway:DNS code www.ex-olive.com.
computer localhost arrow_forward computer gateway:DNS code www.pwd.org.
computer localhost arrow_forward computer gateway:DNS code www.kernsafe.com.
computer localhost arrow_forward computer gateway:49372 code www.ottospm.com.
computer localhost arrow_forward computer gateway:51595 code www.holleman.us.
computer localhost arrow_forward computer gateway:DNS code www.yoruksut.com.
computer localhost arrow_forward computer gateway:62023 code www.fnw.us.
computer localhost arrow_forward computer gateway:DNS code www.medius.si.
computer localhost arrow_forward computer gateway:62985 code www.jacomfg.com.
computer localhost arrow_forward computer gateway:54285 code www.kernsafe.com.
computer localhost arrow_forward computer gateway:DNS code www.x0c.com.
computer localhost arrow_forward computer gateway:57691 code www.myropcb.com.
computer localhost arrow_forward computer gateway:DNS code www.stnic.co.uk.
computer localhost arrow_forward computer gateway:DNS code www.alteor.cl.
computer localhost arrow_forward computer gateway:DNS code www.jenco.co.uk.
computer localhost arrow_forward computer gateway:60947 code www.edimart.hu.
computer localhost arrow_forward computer gateway:63261 code www.spanesi.com.
computer localhost arrow_forward computer gateway:50859 code www.fe-bauer.de.
computer localhost arrow_forward computer gateway:DNS code www.xaicom.es.
computer localhost arrow_forward computer gateway:51134 code www.baijaku.com.
computer localhost arrow_forward computer gateway:DNS code www.valselit.com.
computer localhost arrow_forward computer gateway:61405 code www.pdqhomes.com.
computer localhost arrow_forward computer gateway:DNS code www.koz1.net.
computer localhost arrow_forward computer gateway:DNS code www.wkhk.net.
computer localhost arrow_forward computer gateway:DNS code www.11tochi.net.
computer localhost arrow_forward computer gateway:DNS code www.vexcom.com.
computer localhost arrow_forward computer gateway:DNS code www.olras.com.
computer localhost arrow_forward computer gateway:DNS code www.nqks.com.
computer localhost arrow_forward computer gateway:57993 code www.snugpak.com.
computer localhost arrow_forward computer gateway:DNS code www.ottospm.com.
computer localhost arrow_forward computer gateway:DNS code www.jacomfg.com.
computer localhost arrow_forward computer gateway:59829 code www.udesign.biz.
computer localhost arrow_forward computer gateway:DNS code www.myropcb.com.
computer localhost arrow_forward computer gateway:DNS code www.findbc.com.
computer localhost arrow_forward computer gateway:58129 code www.usadig.com.
computer localhost arrow_forward computer gateway:57037 code www.vazir.se.
computer localhost arrow_forward computer gateway:62215 code www.nunomira.com.
computer localhost arrow_forward computer gateway:DNS code www.vitaindu.com.
computer localhost arrow_forward computer gateway:62509 code www.wifi4all.nl.
computer localhost arrow_forward computer gateway:62387 code www.jenco.co.uk.
computer localhost arrow_forward computer gateway:DNS code www.usadig.com.
computer localhost arrow_forward computer gateway:DNS code www.maktraxx.com.
computer localhost arrow_forward computer gateway:DNS code www.otena.com.
computer localhost arrow_forward computer gateway:56981 code www.fink.com.
computer localhost arrow_forward computer gateway:50204 code www.pwd.org.
computer localhost arrow_forward computer gateway:DNS code www.2print.com.
computer localhost arrow_forward computer gateway:51168 code www.ex-olive.com.
computer localhost arrow_forward computer gateway:52954 code www.maktraxx.com.
computer localhost arrow_forward computer gateway:56984 code www.reglera.com.
computer localhost arrow_forward computer gateway:62659 code www.crcsi.org.
computer localhost arrow_forward computer gateway:57365 code www.depalo.com.
computer localhost arrow_forward computer gateway:60493 code www.valselit.com.
computer localhost arrow_forward computer gateway:52625 code www.tc17.com.
computer localhost arrow_forward computer gateway:DNS code www.lrsuk.com.
computer localhost arrow_forward computer gateway:55480 code www.ora.ecnet.jp.
computer localhost arrow_forward computer gateway:56798 code www.fcwcvt.org.
computer localhost arrow_forward computer gateway:57523 code www.petsfan.com.
computer localhost arrow_forward computer gateway:DNS code www.depalo.com.
computer localhost arrow_forward computer gateway:DNS code www.h-f.net.
computer localhost arrow_forward computer gateway:52654 code www.dayvo.com.
computer localhost arrow_forward computer gateway:54835 code www.jroy.net.
computer localhost arrow_forward computer gateway:56510 code www.com-sit.com.
computer localhost arrow_forward computer gateway:49551 code www.valdal.com.
computer localhost arrow_forward computer gateway:59631 code www.pb-games.com.
computer localhost arrow_forward computer gateway:DNS code www.abart.pl.
computer localhost arrow_forward computer gateway:DNS code www.holleman.us.
computer localhost arrow_forward computer gateway:52503 code www.2print.com.
computer localhost arrow_forward computer gateway:63739 code www.wnsavoy.com.
computer localhost arrow_forward computer gateway:DNS code www.transsib.com.
computer localhost arrow_forward computer gateway:56667 code www.dgmna.com.
computer localhost arrow_forward computer gateway:DNS code www.ftchat.com.
computer localhost arrow_forward computer gateway:DNS code www.reglera.com.
computer localhost arrow_forward computer gateway:DNS code www.owsports.ca.
computer localhost arrow_forward computer gateway:DNS code www.rs-ag.com.
computer localhost arrow_forward computer gateway:50141 code www.pr-park.com.
computer localhost arrow_forward computer gateway:DNS code www.domon.com.
computer localhost arrow_forward computer gateway:DNS code www.nelipak.nl.
computer localhost arrow_forward computer gateway:56655 code www.pcgrate.com.
computer localhost arrow_forward computer gateway:DNS code www.pohlfood.com.
computer localhost arrow_forward computer gateway:55569 code www.rs-ag.com.
computer localhost arrow_forward computer gateway:62577 code www.pupi.cz.
computer localhost arrow_forward computer gateway:DNS code www.mqs.com.br.
computer localhost arrow_forward computer gateway:DNS code www.c9dd.com.
computer localhost arrow_forward computer gateway:61194 code www.elpro.si.
computer localhost arrow_forward computer gateway:DNS code www.gpthink.com.
computer localhost arrow_forward computer gateway:49601 code www.lrsuk.com.
computer localhost arrow_forward computer gateway:57952 code www.synetik.net.
computer localhost arrow_forward computer gateway:DNS code www.pb-games.com.
computer localhost arrow_forward computer gateway:DNS code www.wnsavoy.com.
computer localhost arrow_forward computer gateway:49285 code www.x0c.com.
computer localhost arrow_forward computer gateway:DNS code www.pdqhomes.com.
computer localhost arrow_forward computer gateway:DNS code www.pr-park.com.
computer localhost arrow_forward computer gateway:50895 code www.domon.com.
computer localhost arrow_forward computer gateway:DNS code www.railbook.net.
computer localhost arrow_forward computer gateway:DNS code www.spanesi.com.
computer localhost arrow_forward computer gateway:DNS code www.pcgrate.com.
computer localhost arrow_forward computer gateway:DNS code www.pupi.cz.
computer localhost arrow_forward computer gateway:DNS code www.tc17.com.
computer localhost arrow_forward computer gateway:51171 code www.yocinc.org.
computer localhost arrow_forward computer gateway:DNS code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:DNS code www.evcpa.com.
computer localhost arrow_forward computer gateway:DNS code www.com-sit.com.
computer localhost arrow_forward computer gateway:49506 code www.pohlfood.com.
computer localhost arrow_forward computer gateway:DNS code www.fink.com.
computer localhost arrow_forward computer gateway:DNS code www.vazir.se.
computer localhost arrow_forward computer gateway:DNS code www.hummer.hu.
computer localhost arrow_forward computer gateway:50772 code www.naoi-a.com.
computer localhost arrow_forward computer gateway:DNS code www.stajum.com.
computer localhost arrow_forward computer gateway:DNS code www.iamdirt.com.
computer localhost arrow_forward computer gateway:DNS code www.yumgiskor.kz.
computer localhost arrow_forward computer gateway:59822 code www.waldi.pl.
computer localhost arrow_forward computer gateway:60222 code www.medisa.info.
computer localhost arrow_forward computer gateway:DNS code www.speelhal.net.
computer localhost arrow_forward computer gateway:50043 code www.stajum.com.
computer localhost arrow_forward computer gateway:60265 code www.jchysk.com.
computer localhost arrow_forward computer gateway:57672 code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:DNS code www.photo4b.com.
computer localhost arrow_forward computer gateway:DNS code www.abdg.com.
computer localhost arrow_forward computer gateway:DNS code www.yocinc.org.
computer localhost arrow_forward computer gateway:DNS code www.fnw.us.
computer localhost arrow_forward computer gateway:DNS code www.fnsds.org.
computer localhost arrow_forward computer gateway:49775 code www.gpthink.com.
computer localhost arrow_forward computer gateway:DNS code www.tvtools.fi.
computer localhost arrow_forward computer gateway:DNS code www.sjbs.org.
computer localhost arrow_forward computer gateway:61665 code www.abart.pl.
computer localhost arrow_forward computer gateway:DNS code www.elpro.si.
computer localhost arrow_forward computer gateway:57912 code www.owsports.ca.
computer localhost arrow_forward computer gateway:59994 code dns.msftncsi.com.
computer localhost arrow_forward computer gateway:59646 code www.nqks.com.
computer localhost arrow_forward computer gateway:DNS code www.sclover3.com.
computer localhost arrow_forward computer gateway:DNS code www.item-pr.com.
computer localhost arrow_forward computer gateway:65264 code www.alteor.cl.
computer localhost arrow_forward computer gateway:DNS code www.cel-cpa.com.
computer localhost arrow_forward computer gateway:DNS code www.t-tre.com.
computer localhost arrow_forward computer gateway:51039 code www.11tochi.net.
computer localhost arrow_forward computer gateway:58385 code www.tyrns.com.
computer localhost arrow_forward computer gateway:64983 code www.medius.si.
computer localhost arrow_forward computer gateway:49955 code www.abdg.com.
computer localhost arrow_forward computer gateway:DNS code www.ora-ito.com.
computer localhost arrow_forward computer gateway:52364 code www.otena.com.
computer localhost arrow_forward computer gateway:DNS code www.credo.edu.pl.

Response
computer gateway:DNS arrow_forward computer localhost code www.medisa.info. reply_all 89.184.79.3

computer gateway:DNS arrow_forward computer localhost code www.item-pr.com. reply_all 185.15.129.58

computer gateway:DNS arrow_forward computer localhost code www.sclover3.com. reply_all 157.112.182.239

computer gateway:DNS arrow_forward computer localhost code www.ora.ecnet.jp. reply_all 118.23.162.86

computer gateway:DNS arrow_forward computer localhost code www.alteor.cl. reply_all 35.247.254.172

computer gateway:DNS arrow_forward computer localhost code www.ka-mo-me.com. reply_all 211.1.226.69

computer gateway:DNS arrow_forward computer localhost code www.elpro.si. reply_all 193.77.149.5

computer gateway:DNS arrow_forward computer localhost code www.waldi.pl. reply_all 46.242.238.60

computer gateway:DNS arrow_forward computer localhost code www.stnic.co.uk. reply_all 192.124.249.108

computer gateway:DNS arrow_forward computer localhost code www.findbc.com. reply_all 199.167.17.149

computer gateway:DNS arrow_forward computer localhost code www.vazir.se. reply_all 195.74.38.62

computer gateway:DNS arrow_forward computer localhost code www.pdqhomes.com. reply_all 23.20.239.12

computer gateway:DNS arrow_forward computer localhost code www.myropcb.com. reply_all 74.208.215.199

computer gateway:DNS arrow_forward computer localhost code www.nelipak.nl. reply_all 82.201.61.230

computer gateway:DNS arrow_forward computer localhost code www.pwd.org. reply_all 132.148.143.235

computer gateway:DNS arrow_forward computer localhost code www.tvtools.fi. reply_all 104.27.184.204

computer gateway:DNS arrow_forward computer localhost code www.c9dd.com. reply_all 104.26.10.239

computer gateway:DNS arrow_forward computer localhost code www.nqks.com. reply_all 205.147.88.143

computer gateway:DNS arrow_forward computer localhost code www.nunomira.com. reply_all 23.229.223.161

computer gateway:DNS arrow_forward computer localhost code www.tyrns.com. reply_all 62.210.140.158

computer gateway:DNS arrow_forward computer localhost code www.lrsuk.com. reply_all 13.227.101.106

computer gateway:DNS arrow_forward computer localhost code www.jacomfg.com. reply_all 96.127.180.42

computer gateway:DNS arrow_forward computer localhost code www.kernsafe.com. reply_all 104.24.29.20

computer gateway:DNS arrow_forward computer localhost code www.fnw.us. reply_all 137.118.26.67

computer gateway:DNS arrow_forward computer localhost code www.maktraxx.com. reply_all 72.44.93.236

computer gateway:DNS arrow_forward computer localhost code www.11tochi.net. reply_all 157.112.176.4

computer gateway:DNS arrow_forward computer localhost code www.iamdirt.com. reply_all 35.247.254.172

computer gateway:DNS arrow_forward computer localhost code www.pcgrate.com. reply_all 66.232.103.8

computer gateway:DNS arrow_forward computer localhost code www.ottospm.com. reply_all 104.27.138.76

computer gateway:DNS arrow_forward computer localhost code www.cokocoko.com. reply_all 23.20.239.12

computer gateway:DNS arrow_forward computer localhost code www.reglera.com. reply_all 64.125.133.18

computer gateway:DNS arrow_forward computer localhost code www.valselit.com. reply_all 213.186.33.16

computer gateway:DNS arrow_forward computer localhost code www.hummer.hu. reply_all 185.80.51.179

computer gateway:DNS arrow_forward computer localhost code www.edimart.hu. reply_all 185.51.65.164

computer gateway:DNS arrow_forward computer localhost code www.baijaku.com. reply_all 59.106.19.204

computer gateway:DNS arrow_forward computer localhost code www.olras.com. reply_all 80.93.82.33

computer gateway:DNS arrow_forward computer localhost code www.tc17.com. reply_all 104.27.158.178

computer gateway:DNS arrow_forward computer localhost code www.ftchat.com. reply_all 104.27.190.157

computer gateway:DNS arrow_forward computer localhost code www.fcwcvt.org. reply_all 104.28.18.104

computer gateway:DNS arrow_forward computer localhost code www.transsib.com. reply_all 80.74.154.6

computer gateway:DNS arrow_forward computer localhost code www.spanesi.com. reply_all 104.26.2.86

computer gateway:DNS arrow_forward computer localhost code www.abdg.com. reply_all 192.252.154.18

computer gateway:DNS arrow_forward computer localhost code www.fink.com. reply_all 69.163.218.51

computer gateway:DNS arrow_forward computer localhost code www.wkhk.net. reply_all 150.95.8.242

computer gateway:DNS arrow_forward computer localhost code www.dgmna.com. reply_all 192.124.249.20

computer gateway:DNS arrow_forward computer localhost code www.valdal.com. reply_all 104.28.4.95

computer gateway:DNS arrow_forward computer localhost code www.depalo.com. reply_all 35.241.35.200

computer gateway:DNS arrow_forward computer localhost code www.wnsavoy.com. reply_all 96.91.204.114

computer gateway:DNS arrow_forward computer localhost code www.credo.edu.pl. reply_all 185.123.161.166

computer gateway:DNS arrow_forward computer localhost code dns.msftncsi.com. reply_all 131.107.255.255

computer gateway:DNS arrow_forward computer localhost code www.synetik.net. reply_all 193.166.255.171

computer gateway:DNS arrow_forward computer localhost code www.quadlock.com. reply_all 70.39.251.249

computer gateway:DNS arrow_forward computer localhost code www.wifi4all.nl. reply_all 104.18.57.114

computer gateway:DNS arrow_forward computer localhost code www.pb-games.com. reply_all 173.254.28.29

computer gateway:DNS arrow_forward computer localhost code www.medius.si. reply_all 198.211.123.23

computer gateway:DNS arrow_forward computer localhost code www.mobilnic.net. reply_all 148.251.33.194

computer gateway:DNS arrow_forward computer localhost code www.speelhal.net. reply_all 217.19.237.54

computer gateway:DNS arrow_forward computer localhost code www.h-f.net. reply_all 91.121.93.71

computer gateway:DNS arrow_forward computer localhost code www.pohlfood.com. reply_all 50.211.16.74

computer gateway:DNS arrow_forward computer localhost code www.cel-cpa.com. reply_all 104.196.26.65

computer gateway:DNS arrow_forward computer localhost code www.sjbs.org. reply_all 198.1.85.250

computer gateway:DNS arrow_forward computer localhost code www.xaicom.es. reply_all 85.214.214.113

computer gateway:DNS arrow_forward computer localhost code www.vitaindu.com. reply_all 58.64.191.148

computer gateway:DNS arrow_forward computer localhost code www.x0c.com. reply_all 185.53.178.6

computer gateway:DNS arrow_forward computer localhost code www.gpthink.com. reply_all 101.200.0.178

computer gateway:DNS arrow_forward computer localhost code www.jenco.co.uk. reply_all 104.18.63.32

computer gateway:DNS arrow_forward computer localhost code www.yumgiskor.kz. reply_all 35.231.151.7

computer gateway:DNS arrow_forward computer localhost code www.dayvo.com. reply_all 104.25.96.5

computer gateway:DNS arrow_forward computer localhost code www.pupi.cz. reply_all 103.224.182.241

computer gateway:DNS arrow_forward computer localhost code www.crcsi.org. reply_all 13.92.229.219

computer gateway:DNS arrow_forward computer localhost code www.jchysk.com. reply_all 208.97.178.138

computer gateway:DNS arrow_forward computer localhost code www.otena.com. reply_all 198.46.134.245

computer gateway:DNS arrow_forward computer localhost code www.naoi-a.com. reply_all 202.254.236.40

computer gateway:DNS arrow_forward computer localhost code www.usadig.com. reply_all 198.100.146.220

computer gateway:DNS arrow_forward computer localhost code www.evcpa.com. reply_all 192.124.249.10

computer gateway:DNS arrow_forward computer localhost code www.ex-olive.com. reply_all 210.140.73.39

computer gateway:DNS arrow_forward computer localhost code www.fe-bauer.de. reply_all 37.59.218.52

computer gateway:DNS arrow_forward computer localhost code www.ora-ito.com. reply_all 213.186.33.40

computer gateway:DNS arrow_forward computer localhost code www.yocinc.org. reply_all 162.241.236.76

computer gateway:DNS arrow_forward computer localhost code www.abart.pl. reply_all 89.161.163.246

computer gateway:DNS arrow_forward computer localhost code www.photo4b.com. reply_all 79.96.84.130

computer gateway:DNS arrow_forward computer localhost code www.domon.com. reply_all 104.16.222.187

computer gateway:DNS arrow_forward computer localhost code www.rs-ag.com. reply_all 104.31.73.201

computer gateway:DNS arrow_forward computer localhost code www.com-sit.com. reply_all 5.189.142.61

computer gateway:DNS arrow_forward computer localhost code www.stajum.com. reply_all 202.254.236.61

computer gateway:DNS arrow_forward computer localhost code www.2print.com. reply_all 50.63.202.63

computer gateway:DNS arrow_forward computer localhost code www.pr-park.com. reply_all 157.7.107.91

computer gateway:DNS arrow_forward computer localhost code www.aevga.com. reply_all 192.254.234.162

computer gateway:DNS arrow_forward computer localhost code www.snugpak.com. reply_all 104.28.9.217

computer gateway:DNS arrow_forward computer localhost code www.t-tre.com. reply_all 95.141.37.108

computer gateway:DNS arrow_forward computer localhost code www.fnsds.org. reply_all 91.195.240.126

computer gateway:DNS arrow_forward computer localhost code www.mqs.com.br. reply_all 50.116.31.234


TCP
Info
computer localhost:65247 arrow_forward 195.74.38.62:80
162.241.236.76:80 arrow_forward computer localhost:65221
104.27.159.178:80 arrow_forward computer localhost:65273
192.252.154.18:80 arrow_forward computer localhost:65208
computer localhost:65195 arrow_forward 213.186.33.17:80
computer localhost:65196 arrow_forward 66.232.103.8:80
69.163.218.51:80 arrow_forward computer localhost:65263
computer localhost:65283 arrow_forward 217.19.237.54:80
213.186.33.16:80 arrow_forward computer localhost:65199
computer localhost:65192 arrow_forward 104.24.28.20:80
104.26.3.86:80 arrow_forward computer localhost:65215
computer localhost:65242 arrow_forward 82.201.61.230:80
35.247.254.172:80 arrow_forward computer localhost:65220
computer localhost:65204 arrow_forward 62.210.140.158:80
computer localhost:65198 arrow_forward 85.214.214.113:80
computer localhost:65238 arrow_forward 198.100.146.220:80
computer localhost:65288 arrow_forward 37.59.218.52:80
157.112.176.4:80 arrow_forward computer localhost:65241
104.196.26.65:80 arrow_forward computer localhost:65197
computer localhost:65276 arrow_forward 211.1.226.69:80
95.141.37.108:80 arrow_forward computer localhost:65231
computer localhost:65202 arrow_forward 104.27.139.76:80
59.106.19.204:80 arrow_forward computer localhost:65267
computer localhost:65232 arrow_forward 50.116.31.234:80
118.23.162.86:80 arrow_forward computer localhost:65212
computer localhost:65200 arrow_forward 148.251.33.194:80
211.1.226.69:80 arrow_forward computer localhost:65276
computer localhost:65254 arrow_forward 35.241.35.200:80
150.95.8.242:80 arrow_forward computer localhost:65201
computer localhost:65269 arrow_forward 104.27.191.157:80
104.28.8.217:80 arrow_forward computer localhost:65224
computer localhost:65250 arrow_forward 104.25.97.5:80
computer localhost:65217 arrow_forward 198.1.85.250:80
82.201.61.230:80 arrow_forward computer localhost:65242
198.46.134.245:80 arrow_forward computer localhost:65207
computer localhost:65280 arrow_forward 185.80.51.179:80
104.27.139.76:80 arrow_forward computer localhost:65203
computer localhost:65249 arrow_forward 101.200.0.178:80
computer localhost:65208 arrow_forward 192.252.154.18:80
74.208.215.199:80 arrow_forward computer localhost:65230
computer localhost:65240 arrow_forward 192.254.234.162:80
173.254.28.29:80 arrow_forward computer localhost:65265
104.16.218.187:80 arrow_forward computer localhost:65285
help_outline 192.124.249.108:80 arrow_forward computer localhost:65248
computer localhost:65262 arrow_forward 208.97.178.138:80
185.51.65.164:80 arrow_forward computer localhost:65233
104.27.139.76:80 arrow_forward computer localhost:65202
computer localhost:65191 arrow_forward 104.28.5.95:80
computer localhost:65210 arrow_forward 13.92.229.219:80
91.121.93.71:80 arrow_forward computer localhost:65256
137.118.26.67:80 arrow_forward computer localhost:65226
213.186.33.17:80 arrow_forward computer localhost:65195
35.241.35.200:80 arrow_forward computer localhost:65254
104.18.62.32:80 arrow_forward computer localhost:65266
computer localhost:65251 arrow_forward 210.140.73.39:80
computer localhost:65222 arrow_forward help_outline 192.124.249.20:80
13.227.101.101:80 arrow_forward computer localhost:65228
148.251.33.194:80 arrow_forward computer localhost:65200
23.20.239.12:80 arrow_forward computer localhost:65236
computer localhost:65224 arrow_forward 104.28.8.217:80
computer localhost:65248 arrow_forward help_outline 192.124.249.108:80
computer localhost:65281 arrow_forward 104.27.185.204:80
35.229.93.46:80 arrow_forward computer localhost:65205
89.161.163.246:80 arrow_forward computer localhost:65252
computer localhost:65221 arrow_forward 162.241.236.76:80
computer localhost:65244 arrow_forward 50.63.202.63:80
computer localhost:65193 arrow_forward 202.254.236.61:80
202.254.236.61:80 arrow_forward computer localhost:65193
69.163.218.51:80 arrow_forward computer localhost:65264
computer localhost:65213 arrow_forward 157.7.107.91:80
157.7.107.91:80 arrow_forward computer localhost:65213
computer localhost:65199 arrow_forward 213.186.33.16:80
computer localhost:65256 arrow_forward 91.121.93.71:80
computer localhost:65272 arrow_forward 80.74.154.6:80
104.24.28.20:80 arrow_forward computer localhost:65192
35.247.254.172:80 arrow_forward computer localhost:65235
computer localhost:65207 arrow_forward 198.46.134.245:80
computer localhost:65275 arrow_forward 104.28.19.104:80
50.211.16.74:80 arrow_forward computer localhost:65239
computer localhost:65270 arrow_forward help_outline 185.123.161.166:80
computer localhost:65255 arrow_forward 80.93.82.33:80
46.242.238.60:80 arrow_forward computer localhost:65268
help_outline 205.147.88.143:80 arrow_forward computer localhost:65219
23.229.223.161:80 arrow_forward computer localhost:65278
199.167.17.149:80 arrow_forward computer localhost:65260
computer localhost:65212 arrow_forward 118.23.162.86:80
computer localhost:65228 arrow_forward 13.227.101.101:80
computer localhost:65271 arrow_forward 58.64.191.148:80
195.74.38.62:80 arrow_forward computer localhost:65247
computer localhost:65197 arrow_forward 104.196.26.65:80
computer localhost:65277 arrow_forward 103.224.182.241:80
104.26.11.239:80 arrow_forward computer localhost:65223
80.74.154.6:80 arrow_forward computer localhost:65272
computer localhost:65266 arrow_forward 104.18.62.32:80
89.184.79.3:80 arrow_forward computer localhost:65214
computer localhost:65261 arrow_forward 208.97.178.138:80
79.96.84.130:80 arrow_forward computer localhost:65211
computer localhost:65279 arrow_forward 104.31.72.201:80
computer localhost:65219 arrow_forward help_outline 205.147.88.143:80
computer localhost:65284 arrow_forward 132.148.143.235:80
computer localhost:65230 arrow_forward 74.208.215.199:80
computer localhost:65268 arrow_forward 46.242.238.60:80
computer localhost:65227 arrow_forward 185.53.178.6:80
computer localhost:65237 arrow_forward 96.91.204.114:80
computer localhost:65223 arrow_forward 104.26.11.239:80
104.27.185.204:80 arrow_forward computer localhost:65282
computer localhost:65205 arrow_forward 35.229.93.46:80
computer localhost:65236 arrow_forward 23.20.239.12:80
computer localhost:65263 arrow_forward 69.163.218.51:80
computer localhost:65282 arrow_forward 104.27.185.204:80
104.28.5.95:80 arrow_forward computer localhost:65191
computer localhost:65265 arrow_forward 173.254.28.29:80
192.254.234.162:80 arrow_forward computer localhost:65245
computer localhost:65274 arrow_forward 104.28.19.104:80
208.97.178.138:80 arrow_forward computer localhost:65261
72.44.93.236:80 arrow_forward computer localhost:65259
103.224.182.241:80 arrow_forward computer localhost:65277
198.211.123.23:80 arrow_forward computer localhost:65253
91.195.240.126:80 arrow_forward computer localhost:65216
13.92.229.219:80 arrow_forward computer localhost:65210
104.27.191.157:80 arrow_forward computer localhost:65269
193.166.255.171:80 arrow_forward computer localhost:65243
computer localhost:65246 arrow_forward 64.125.133.18:80
computer localhost:65234 arrow_forward 96.127.180.42:80
computer localhost:65214 arrow_forward 89.184.79.3:80
208.97.178.138:80 arrow_forward computer localhost:65262
213.186.33.40:80 arrow_forward computer localhost:65257
computer localhost:65243 arrow_forward 193.166.255.171:80
80.93.82.33:80 arrow_forward computer localhost:65255
210.140.73.39:80 arrow_forward computer localhost:65251
185.53.178.6:80 arrow_forward computer localhost:65227
217.19.237.54:80 arrow_forward computer localhost:65283
computer localhost:65215 arrow_forward 104.26.3.86:80
help_outline 192.124.249.20:80 arrow_forward computer localhost:65222
computer localhost:65245 arrow_forward 192.254.234.162:80
computer localhost:65259 arrow_forward 72.44.93.236:80
computer localhost:65286 arrow_forward 104.16.218.187:80
85.214.214.113:80 arrow_forward computer localhost:65198
computer localhost:65203 arrow_forward 104.27.139.76:80
66.232.103.8:80 arrow_forward computer localhost:65196
192.254.234.162:80 arrow_forward computer localhost:65240
202.254.236.40:80 arrow_forward computer localhost:65209
computer localhost:65206 arrow_forward 104.18.56.114:80
computer localhost:65220 arrow_forward 35.247.254.172:80
104.18.56.114:80 arrow_forward computer localhost:65206
computer localhost:65267 arrow_forward 59.106.19.204:80
computer localhost:65231 arrow_forward 95.141.37.108:80
198.1.85.250:80 arrow_forward computer localhost:65217
computer localhost:65226 arrow_forward 137.118.26.67:80
104.28.19.104:80 arrow_forward computer localhost:65275
157.112.182.239:80 arrow_forward computer localhost:65287
computer localhost:65225 arrow_forward 5.189.142.61:80
104.28.19.104:80 arrow_forward computer localhost:65274
help_outline 185.123.161.166:80 arrow_forward computer localhost:65270
computer localhost:65218 arrow_forward help_outline 192.124.249.10:80
104.25.97.5:80 arrow_forward computer localhost:65250
computer localhost:65285 arrow_forward 104.16.218.187:80
132.148.143.235:80 arrow_forward computer localhost:65284
computer localhost:65201 arrow_forward 150.95.8.242:80
50.116.31.234:80 arrow_forward computer localhost:65232
23.20.239.12:80 arrow_forward computer localhost:65229
185.80.51.179:80 arrow_forward computer localhost:65280
computer localhost:65235 arrow_forward 35.247.254.172:80
computer localhost:65252 arrow_forward 89.161.163.246:80
computer localhost:65253 arrow_forward 198.211.123.23:80
computer localhost:65209 arrow_forward 202.254.236.40:80
101.200.0.178:80 arrow_forward computer localhost:65249
computer localhost:65239 arrow_forward 50.211.16.74:80
58.64.191.148:80 arrow_forward computer localhost:65271
computer localhost:65260 arrow_forward 199.167.17.149:80
computer localhost:65278 arrow_forward 23.229.223.161:80
104.27.185.204:80 arrow_forward computer localhost:65281
computer localhost:65211 arrow_forward 79.96.84.130:80
computer localhost:65287 arrow_forward 157.112.182.239:80
computer localhost:65194 arrow_forward 70.39.251.249:80
5.189.142.61:80 arrow_forward computer localhost:65225
37.59.218.52:80 arrow_forward computer localhost:65288
computer localhost:65257 arrow_forward 213.186.33.40:80
computer localhost:65258 arrow_forward 193.77.149.5:80
computer localhost:65241 arrow_forward 157.112.176.4:80
50.63.202.63:80 arrow_forward computer localhost:65244
104.16.218.187:80 arrow_forward computer localhost:65286
computer localhost:65229 arrow_forward 23.20.239.12:80
96.127.180.42:80 arrow_forward computer localhost:65234
193.77.149.5:80 arrow_forward computer localhost:65258
computer localhost:65216 arrow_forward 91.195.240.126:80
computer localhost:65273 arrow_forward 104.27.159.178:80
computer localhost:65233 arrow_forward 185.51.65.164:80
104.31.72.201:80 arrow_forward computer localhost:65279
computer localhost:65264 arrow_forward 69.163.218.51:80
62.210.140.158:80 arrow_forward computer localhost:65204
help_outline 192.124.249.10:80 arrow_forward computer localhost:65218

UDP
Info
computer localhost:53 arrow_forward computer localhost:50141
computer localhost:51039 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:57993
computer localhost:53 arrow_forward computer localhost:63739
computer localhost:65264 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:49506
computer localhost:49471 arrow_forward computer localhost:53
computer localhost:59383 arrow_forward computer localhost:53
computer localhost:61405 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:61405
computer localhost:53 arrow_forward computer localhost:62985
computer localhost:50204 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:58555
computer localhost:54273 arrow_forward computer localhost:53
computer localhost:56981 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:49601
computer localhost:50859 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50204
computer localhost:53 arrow_forward computer localhost:50043
computer localhost:57952 arrow_forward computer localhost:53
computer localhost:62659 arrow_forward computer localhost:53
computer localhost:49372 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:59383
computer localhost:53 arrow_forward computer localhost:58884
computer localhost:53 arrow_forward computer localhost:50859
computer localhost:53 arrow_forward computer localhost:55394
computer localhost:56667 arrow_forward computer localhost:53
computer localhost:57523 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:56667
computer localhost:53 arrow_forward computer localhost:57523
computer localhost:53 arrow_forward computer localhost:58036
computer localhost:50508 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:61778
computer localhost:60222 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:56984
computer localhost:57993 arrow_forward computer localhost:53
computer localhost:67 arrow_forward computer localhost:68
computer localhost:53 arrow_forward computer localhost:54835
computer localhost:49601 arrow_forward computer localhost:53
computer localhost:61194 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:59829
computer localhost:58385 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:58385
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:57691
computer localhost:59631 arrow_forward computer localhost:53
computer localhost:62215 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:63261
computer localhost:63739 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:51168
computer localhost:53 arrow_forward computer localhost:53316
computer localhost:63209 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:60061
computer localhost:53 arrow_forward computer localhost:62509
computer localhost:53 arrow_forward computer localhost:54273
computer localhost:49285 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:51874
computer localhost:53 arrow_forward computer localhost:62023
computer localhost:52528 arrow_forward computer localhost:53
computer localhost:51168 arrow_forward computer localhost:53
computer localhost:58036 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:52503
computer localhost:62577 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:56122
computer localhost:60979 arrow_forward computer localhost:53
computer localhost:57037 arrow_forward computer localhost:53
computer localhost:57691 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:64983
computer localhost:61778 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:54285
computer localhost:53 arrow_forward computer localhost:61665
computer localhost:53 arrow_forward computer localhost:56981
computer localhost:53210 arrow_forward computer localhost:53
computer localhost:56298 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:65264
computer localhost:59459 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50772
computer localhost:59735 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:57952
computer localhost:59829 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:51171
computer localhost:55394 arrow_forward computer localhost:53
computer localhost:53316 arrow_forward computer localhost:53
computer localhost:59994 arrow_forward computer localhost:53
computer localhost:56122 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50508
computer localhost:53 arrow_forward computer localhost:60493
computer localhost:53 arrow_forward computer localhost:53996
computer localhost:53 arrow_forward computer localhost:58129
computer localhost:60493 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:57912
computer localhost:54285 arrow_forward computer localhost:53
computer localhost:62387 arrow_forward computer localhost:53
computer localhost:65236 arrow_forward computer localhost:53
computer localhost:49955 arrow_forward computer localhost:53
computer localhost:62023 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:55934
computer localhost:53 arrow_forward computer localhost:49955
computer localhost:52954 arrow_forward computer localhost:53
computer localhost:61665 arrow_forward computer localhost:53
computer localhost:58129 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:59735
computer localhost:53 arrow_forward computer localhost:50273
computer localhost:53 arrow_forward computer localhost:63064
computer localhost:53 arrow_forward computer localhost:59822
computer localhost:53 arrow_forward computer localhost:55268
computer localhost:53 arrow_forward computer localhost:56655
computer localhost:49551 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:53831
computer localhost:53 arrow_forward computer localhost:49842
computer localhost:53 arrow_forward computer localhost:59994
computer localhost:50895 arrow_forward computer localhost:53
computer localhost:51267 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:56510
computer localhost:53 arrow_forward computer localhost:60222
computer localhost:50043 arrow_forward computer localhost:53
computer localhost:52503 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50895
computer localhost:53 arrow_forward computer localhost:61194
computer localhost:62985 arrow_forward computer localhost:53
computer localhost:51595 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:49372
computer localhost:55934 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:59459
computer localhost:55480 arrow_forward computer localhost:53
computer localhost:58884 arrow_forward computer localhost:53
computer localhost:68 arrow_forward help_outline 255.255.255.255:67
computer localhost:53 arrow_forward computer localhost:52528
computer localhost:53 arrow_forward computer localhost:53021
computer localhost:53 arrow_forward computer localhost:61017
computer localhost:53 arrow_forward computer localhost:57365
computer localhost:53 arrow_forward computer localhost:52625
computer localhost:55729 arrow_forward computer localhost:53
computer localhost:55619 arrow_forward computer localhost:53
computer localhost:56984 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:55729
computer localhost:55569 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:51134
computer localhost:53 arrow_forward computer localhost:49551
computer localhost:53 arrow_forward computer localhost:60979
computer localhost:53 arrow_forward computer localhost:51967
computer localhost:63064 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:55569
computer localhost:53 arrow_forward computer localhost:60265
computer localhost:57672 arrow_forward computer localhost:53
computer localhost:52625 arrow_forward computer localhost:53
computer localhost:59599 arrow_forward computer localhost:53
computer localhost:49842 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:56798
computer localhost:63261 arrow_forward computer localhost:53
computer localhost:53996 arrow_forward computer localhost:53
computer localhost:52364 arrow_forward computer localhost:53
computer localhost:52654 arrow_forward computer localhost:53
computer localhost:51134 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:57672
computer localhost:53 arrow_forward computer localhost:59631
computer localhost:65273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:53210
computer localhost:49222 arrow_forward computer localhost:53
computer localhost:53831 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:49285
computer localhost:55268 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:59599
computer localhost:50141 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:59646
computer localhost:53 arrow_forward computer localhost:49775
computer localhost:53 arrow_forward computer localhost:65236
computer localhost:53 arrow_forward computer localhost:55619
computer localhost:64983 arrow_forward computer localhost:53
computer localhost:51874 arrow_forward computer localhost:53
computer localhost:54835 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:60947
computer localhost:53 arrow_forward computer localhost:62215
computer localhost:53 arrow_forward computer localhost:52364
computer localhost:53 arrow_forward computer localhost:57037
computer localhost:53 arrow_forward computer localhost:49222
computer localhost:53 arrow_forward computer localhost:51595
computer localhost:53 arrow_forward computer localhost:63209
computer localhost:53 arrow_forward computer localhost:62659
computer localhost:56655 arrow_forward computer localhost:53
computer localhost:51967 arrow_forward computer localhost:53
computer localhost:57365 arrow_forward computer localhost:53
computer localhost:56798 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:52654
computer localhost:53021 arrow_forward computer localhost:53
computer localhost:56510 arrow_forward computer localhost:53
computer localhost:49775 arrow_forward computer localhost:53
computer localhost:59822 arrow_forward computer localhost:53
computer localhost:60061 arrow_forward computer localhost:53
computer localhost:57912 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:49471
computer localhost:50772 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:62387
computer localhost:60947 arrow_forward computer localhost:53
computer localhost:58555 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:52954
computer localhost:53 arrow_forward computer localhost:56298
computer localhost:51171 arrow_forward computer localhost:53
computer localhost:61017 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:62577
computer localhost:59646 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:65273
computer localhost:49506 arrow_forward computer localhost:53
computer localhost:60265 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:55480
computer localhost:53 arrow_forward computer localhost:51039
computer localhost:62509 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:51267

HTTP
Info
computer localhost send POST www.h-f.net attach_file /
computer localhost send POST www.gpthink.com attach_file /
computer localhost send POST www.domon.com attach_file /
computer localhost send POST www.photo4b.com attach_file /
computer localhost send POST www.x0c.com attach_file /
computer localhost send POST www.ka-mo-me.com attach_file /
computer localhost send POST www.stnic.co.uk help_outline attach_file /
computer localhost send POST www.medisa.info attach_file /
computer localhost send POST www.naoi-a.com attach_file /
computer localhost send POST www.yumgiskor.kz attach_file /
computer localhost send POST www.fnw.us attach_file /
computer localhost send POST www.evcpa.com help_outline attach_file /
computer localhost send POST www.cokocoko.com attach_file /
computer localhost send POST www.yocinc.org attach_file /
computer localhost send POST www.valdal.com attach_file /
computer localhost send POST www.olras.com attach_file /
computer localhost send POST www.edimart.hu attach_file /
computer localhost send POST www.xaicom.es attach_file /
computer localhost send POST www.findbc.com attach_file /
computer localhost send POST www.iamdirt.com attach_file /
computer localhost send POST www.transsib.com attach_file /
computer localhost send POST www.wkhk.net attach_file /
computer localhost send POST www.synetik.net attach_file /
computer localhost send POST www.t-tre.com attach_file /
computer localhost send POST www.nqks.com help_outline attach_file /
computer localhost send POST www.tyrns.com attach_file /
computer localhost send POST www.fcwcvt.org attach_file /
computer localhost send POST www.tvtools.fi attach_file /
computer localhost send POST www.mobilnic.net attach_file /
computer localhost send POST www.pwd.org attach_file /
computer localhost send POST www.ftchat.com attach_file /
computer localhost send POST www.otena.com attach_file /
computer localhost send POST www.ex-olive.com attach_file /
computer localhost send POST www.pupi.cz attach_file /
computer localhost send POST www.speelhal.net attach_file /
computer localhost send POST www.wifi4all.nl attach_file /
computer localhost send POST www.abart.pl attach_file /
computer localhost send POST www.mqs.com.br attach_file /
computer localhost send POST www.elpro.si attach_file /
computer localhost send POST www.11tochi.net attach_file /
computer localhost send POST www.pcgrate.com attach_file /
computer localhost send POST www.fnsds.org attach_file /
computer localhost send POST www.maktraxx.com attach_file /
computer localhost send POST www.waldi.pl attach_file /
computer localhost send POST www.alteor.cl attach_file /
computer localhost send POST www.valselit.com attach_file /
computer localhost send POST www.tc17.com attach_file /
computer localhost send POST www.hummer.hu attach_file /
computer localhost send POST www.sjbs.org attach_file /
computer localhost send POST www.com-sit.com attach_file /
computer localhost send POST www.fe-bauer.de attach_file /
computer localhost send POST www.stajum.com attach_file /
computer localhost send POST www.pr-park.com attach_file /
computer localhost send POST www.lrsuk.com attach_file /
computer localhost send POST www.jenco.co.uk attach_file /
computer localhost send POST www.myropcb.com attach_file /
computer localhost send POST www.depalo.com attach_file /
computer localhost send POST www.jacomfg.com attach_file /
computer localhost send POST www.medius.si attach_file /
computer localhost send POST www.pohlfood.com attach_file /
computer localhost send POST www.c9dd.com attach_file /
computer localhost send POST www.aevga.com attach_file /
computer localhost send POST www.dgmna.com help_outline attach_file /
computer localhost send POST www.item-pr.com attach_file /
computer localhost send POST www.abdg.com attach_file /
computer localhost send POST www.2print.com attach_file /
computer localhost send POST www.vitaindu.com attach_file /
computer localhost send POST www.dayvo.com attach_file /
computer localhost send POST www.jchysk.com attach_file /
computer localhost send POST www.sclover3.com attach_file /
computer localhost send POST www.fink.com attach_file /
computer localhost send POST www.credo.edu.pl help_outline attach_file /
computer localhost send POST www.vazir.se attach_file /
computer localhost send POST www.cel-cpa.com attach_file /
computer localhost send POST www.rs-ag.com attach_file /
computer localhost send POST www.kernsafe.com attach_file /
computer localhost send POST www.baijaku.com attach_file /
computer localhost send POST www.pb-games.com attach_file /
computer localhost send POST www.ora.ecnet.jp attach_file /
computer localhost send POST www.nunomira.com attach_file /
computer localhost send POST www.snugpak.com attach_file /
computer localhost send POST www.pdqhomes.com attach_file /
computer localhost send POST www.crcsi.org attach_file /
computer localhost send POST www.spanesi.com attach_file /
computer localhost send POST www.ora-ito.com attach_file /
computer localhost send POST www.ottospm.com attach_file /
computer localhost send POST www.nelipak.nl attach_file /

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
True check_circle

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 98.63%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 97.83%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 63.50%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 45.70%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True check_circle

Add to Collection
Download