Report #5311 check_circle
- Creation Date: Nov. 21, 2019, 5:42 p.m.
- Last Update: Nov. 21, 2019, 5:52 p.m.
- File: 002
- Results:
Binary
DLL
False cancel
Size
165.00KB
trid
50.8% Win32 Executable MS Visual C++21.3% Windows screen saver10.7% Win32 Dynamic Link Library7.3% Win32 Executable3.3% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
27cd0ab02b1244188ede241ea1e087f5
sha1
19f150d1615da6b79d120cbc6fb857b0a8577c40
crc32
0x28ff4411
sha224
119f5fc3976f40e3ca8d6c23b14c1baaaf0d0662cfc21b3fb1660cd8
sha256
defdfb21f88faa2c9c674737742f28c620c8939acd51ea237bfd54ac4a7d6656
sha384
c314d23a1eb2a7b6fddd122f33402354f29e94f9806434637df8a1d6228a62c77bde52b8d3b16530a8f62f616608bdba
sha512
803ab429ddb123392ff8db0b0b9b2987b1092935172d0999d6ea4984cae7f5a9b2b5ef703e82f17c0c7b7d2e808e4caf3138c0f2228c654f4d4169cca8ffd55d
ssdeep
3072:E9HnBQqT54fdN7GHw32q59Bu8yB7kiPBPjGENdR7roi8Yweas1p:E9HnBQqmLZ2qrBY7LjGk/7romgsX
Community
Google
True check_circle
HashLib
False cancel
YARA
Matches
VC8_Microsoft_Corporation, domain, contentis_base64, anti_dbg, VM_Generic_Detection, IP, url, IsWindowsGUI, win_mutex, Microsoft_Visual_Cpp_8, win_registry, Advapi_Hash_API, win_files_operation, IsPE32, HasRichSignature
Suspicious
True check_circle
Strings
List
http://timenowis1.top/E32HGDGFD65.exehttp://timenowis1.top/E976HDGFD65.exe_NT.download{"algo": "cryptonight","api": {"port": 0,"access-token": null,"id": null,"worker-id": null,"ipv6": false, "restricted": true },"asm": true, "autosave": false,"av": 1,"background": true,"colors": false,"cpu-affinity": null,"cpu-priority": null, "donate-level": 1, "huge-pages": null,"hw-aes": null, "log-file": "CN39KPIMASK" ,"max-cpu-usage": 55,"pools": [ { "url": "51.68.28.138:8080", "user": "4476TbUZa5cffKCzE6njxZBMUudCbsuvSVt7Woy23SKajYZibqwCPD8f3EYS8pXBimUzjkfXu7v4oJCoN1ry9GfsTWgkyEt","pass": "NtCall:", "rig-id": null,"nicehash": true, "keepalive": true, "variant": -1,"tls": false,"tls-fingerprint": null }],"print-time": 20,"retries": 5,"retry-pause": 5,"safe": true,"threads": null,"user-agent": null,"watch": false}/wvyahs/nhaldhf/jvtthuk/pukle.wow_NT.au/wvyahs/nhaldhf/mllkihjr/pukle.wow/wvyahs/nhaldhf/hspcl/pukle.wow%sconfig.json%AppData%Software\microsoft\windows\currentversion\explorer\advanced\folder\superhiddenAptluvdpz4.avwNetapi32.dllWAdvapi32.dllWininet.dllUrlmon.dll_HttpSendRequestA Failed with Error Code [%d]MSASCuiL.exe_HttpOpenRequestA Failed with Error Code [%d]]eventvwr.exeNT99KPIMASK.exeHARDWARE\DESCRIPTION\System\CentralProcessor\0HARDWARE\DESCRIPTION\System\CentralProcessor\0Activated by AdminSOFTWARE\Microsoft\Windows NT\CurrentVersionFailed to (InternetOpenA) [%d]Failed to (InternetConnectA) [%d]No such processNo such device or addressDetected by AV/c Taskkill /PID %d /F & del /A:H %s > nulToo many open files in systemToo many linksToo many open filesResult too largeNo such deviceResource deviceOERR.1 [%d]ERR.2 [%d]Failed to CreateProcess(Miner) [%d]Operation not permittedFailed to (InternetConnectA) with code [%d]Failed to (InternetOpenA) with code [%d]Software\Microsoft\EngineIndicator\Dpukvdz-ZlhyjoLunpull.lelHttp()_HttpPost()HttpSendRequestAHttpOpenRequestAmscoree.dll<requestedPrivileges>GetShortPathNameW Failed with error code [%d]Miner Thread()- abort() has been calledIsProcessorFeaturePresentGetProcAddressI succeed with CopyFileW, But i cannot Run_Process with error code [%d]COMSPECMain Folder not Exist, also i failed to CreateDirectoryW with Error code [%d], Home Path: [%ws]Exe is already in Target Path, But not able to Run_Process with error code [%d]GetModuleFileNameW Failed with error code [%d]ExitProcess_RegCreateKeyExW_ Failed with error code [%d]_RegSetValueExW_ Failed with error code [%d]Process32FirstWtWSShProcess32NextWError: Cannot create connection thread with code [%d]PSShPSShIsDebuggerPresentOpenProcessTerminateProcessCreateProcessWShellExecuteWShellExecuteExWPermission denied&SHA18=&SHA17=&SHA10=&SHA13=&SHA16=&SHA15=&SHA12=&SHA11=&SHA14=InternetReadFileCreateMutexWCreateDirectoryWRegSetValueExARegCreateKeyExARegQueryValueExAHeapCreateTerminateThreadSetFilePointerQueryPerformanceCounterWriteFileGetModuleFileNameWDeleteFileWGetModuleHandleW
Foremost
Matches
0.exe, 165 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circleAllowed: 51.68.28.138, 1, gnosis.systems.SuspicioushasAllowed: True check_circlehasSuspicious: False cancel
URLs
AllowedhasURLs: True check_circleSuspicious: http://timenowis1.top/e32hgdgfd65.exe, http://timenowis1.top/e976hdgfd65.exehasAllowed: False cancelhasSuspicious: True check_circle
Files
Allowed: Shell32.dll, Kernel32.dll, WAdvapi32.dll, Urlmon.dll, Netapi32.dll, Wininet.dll, WUSER32.DLL, Shlwapi.dll, mscoree.dll, ADVAPI32.dll, USER32.dllhasFiles: True check_circleSuspicioushasAllowed: True check_circlehasSuspicious: False cancel
Binary
Sizes
RVARVA: 16Suspicious: False cancelCodeSize: 37888Suspicious: False cancelImageAddress: 4194304Suspicious: False cancelStackStack: 4096Suspicious: False cancelHeadersHeaders: 4096Suspicious: False cancelSuspicious: False cancel
Symbols
NumberNumber: 0Suspicious: True check_circlePointerPointer: 0Suspicious: True check_circleDirectoriesNumber: 16Suspicious: False cancel
Checksum
Value: 0Suspicous: True check_circle
Sections
Allowed: .text, .rdata, .data, .rsrcSuspicioushasAllowed: True check_circlehasSections: True check_circlehasSuspicious: False cancel
Versions
OSVersion: 5Suspicious: False cancelImageVersion: True check_circleSuspicious: 5LinkerVersion: 10.0Suspicious: False cancelSubsystemVersion: 5.1Suspicious: False cancelSuspicious: False cancel
EntryPoint
Address: 58975Suspicious: False cancel
Anomalies
Anomalies: The header checksum and the calculated checksum do not match.hasAnomalies: True check_circle
Libraries
Allowed: shell32.dll, kernel32.dll, urlmon.dll, netapi32.dll, wininet.dll, shlwapi.dll, mscoree.dll, advapi32.dll, user32.dllhasLibs: True check_circleSuspicious: wadvapi32.dll, wuser32.dllhasAllowed: True check_circlehasSuspicious: True check_circle
Timestamp
Past: False cancelValid: True check_circleValue: 2018-11-04 18:53:13Future: False cancel
Compilation
Packed: False cancelMissing: False cancelPackersCompiled: True check_circleCompilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation
Obfuscation
XOR: False cancelFuzzing: True check_circle
PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.data: 1.text: 3
pushpopmath
.text: 5.rdata: 7
garbagebytes
.data: 1.text: 3
stealthimport
.rdata: 1
programcontrolflowchange
.data: 1.text: 3
cpuinstructionsresultscomparison
.data: 1
AVclass
cerber
1
VirusTotal
md5
27cd0ab02b1244188ede241ea1e087f5
sha1
19f150d1615da6b79d120cbc6fb857b0a8577c40
SCANS
AVG
result: Win32:Malware-genupdate: 20191020version: 18.4.3895.0detected: True check_circle
CMC
update: 20190321version: 1.1.0.977detected: False cancel
MAX
result: malware (ai score=100)update: 20191020version: 2019.9.16.1detected: True check_circle
APEX
result: Maliciousupdate: 20191019version: 5.75detected: True check_circle
Bkav
update: 20191018version: 1.3.0.10239detected: False cancel
K7GW
result: Trojan ( 004889a31 )update: 20191010version: 11.72.32236detected: True check_circle
ALYac
result: Trojan.Agent.Minerupdate: 20191020version: 1.1.1.5detected: True check_circle
Avast
result: Win32:Malware-genupdate: 20191020version: 18.4.3895.0detected: True check_circle
Avira
update: 20191020version: 8.3.3.8detected: False cancel
Baidu
update: 20190318version: 1.0.0.2detected: False cancel
Cyren
result: W32/Trojan.WOOS-1680update: 20191020version: 6.2.2.2detected: True check_circle
DrWeb
result: Trojan.MulDrop8.58100update: 20191020version: 7.0.41.7240detected: True check_circle
GData
result: Gen:Variant.Ransom.Cerber.324update: 20191020version: A:25.23726B:26.16353detected: True check_circle
Panda
result: Trj/CI.Aupdate: 20191019version: 4.6.4.2detected: True check_circle
VBA32
update: 20191018version: 4.2.0detected: False cancel
Zoner
update: 20191020version: 1.0.0.1detected: False cancel
ClamAV
result: Win.Coinminer.Generic-7151253-0update: 20191019version: 0.102.0.0detected: True check_circle
Comodo
result: Malware@#2yrl05rl5pez6update: 20191020version: 31624detected: True check_circle
F-Prot
update: 20191020version: 4.7.1.166detected: False cancel
Ikarus
result: Trojan.Win32.Cryptupdate: 20191019version: 0.1.5.2detected: True check_circle
McAfee
result: GenericRXGO-MJ!27CD0AB02B12update: 20191020version: 6.0.6.653detected: True check_circle
Rising
result: Dropper.Generic!8.35E (TFE:5:iuGN0bZsk4M)update: 20191020version: 25.0.0.24detected: True check_circle
Sophos
result: Generic PUA BJ (PUA)update: 20191020version: 4.98.0detected: True check_circle
Yandex
result: Trojan.Agent!fTrC+xMVKkgupdate: 20191018version: 5.5.2.24detected: True check_circle
Zillya
result: Trojan.Generic.Win32.316010update: 20191018version: 2.0.0.3929detected: True check_circle
Acronis
result: suspiciousupdate: 20191018version: 1.1.1.58detected: True check_circle
Alibaba
result: Trojan:Win32/BitMiner.dc4e0e1eupdate: 20190527version: 0.3.0.5detected: True check_circle
Arcabit
result: Trojan.Ransom.Cerber.324update: 20191020version: 1.0.0.859detected: True check_circle
Cylance
result: Unsafeupdate: 20191020version: 2.3.1.101detected: True check_circle
Endgame
result: malicious (high confidence)update: 20190918version: 3.0.15detected: True check_circle
FireEye
result: Generic.mg.27cd0ab02b124418update: 20191020version: 29.7.0.0detected: True check_circle
TACHYON
update: 20191020version: 2019-10-20.01detected: False cancel
Tencent
update: 20191020version: 1.0.0.1detected: False cancel
ViRobot
update: 20191019version: 2014.3.20.0detected: False cancel
Webroot
result: PUA.Genupdate: 20191020version: 1.0.0.403detected: True check_circle
eGambit
result: Unsafe.AI_Score_58%update: 20191020version: v5.0.6detected: True check_circle
Ad-Aware
result: Gen:Variant.Ransom.Cerber.324update: 20191020version: 3.0.5.370detected: True check_circle
AegisLab
update: 20191020version: 4.2detected: False cancel
Emsisoft
result: Gen:Variant.Ransom.Cerber.324 (B)update: 20191020version: 2018.12.0.1641detected: True check_circle
F-Secure
update: 20191020version: 12.0.86.52detected: False cancel
Fortinet
result: W32/Kryptik.GMGV!trupdate: 20191020version: 5.4.247.0detected: True check_circle
Invincea
result: heuristicupdate: 20190904version: 6.3.6.26157detected: True check_circle
Jiangmin
result: RiskTool.BitMiner.bkllupdate: 20191020version: 16.0.100detected: True check_circle
Kingsoft
update: 20191020version: 2013.8.14.323detected: False cancel
Paloalto
result: generic.mlupdate: 20191020version: 1.0detected: True check_circle
Symantec
result: PUA.Gen.2update: 20191019version: 1.11.0.0detected: True check_circle
Trapmine
update: 20190826version: 3.1.81.800detected: False cancel
AhnLab-V3
update: 20191019version: 3.16.3.25410detected: False cancel
Antiy-AVL
result: RiskWare[RiskTool]/Win32.BitMinerupdate: 20191020version: 3.0.0.1detected: True check_circle
Kaspersky
result: not-a-virus:HEUR:RiskTool.Win32.BitMiner.genupdate: 20191020version: 15.0.1.13detected: True check_circle
Microsoft
result: Trojan:Win32/Occamy.Cupdate: 20191020version: 1.1.16500.1detected: True check_circle
Qihoo-360
result: Win32/Trojan.Ransom.704update: 20191020version: 1.0.0.1120detected: True check_circle
ZoneAlarm
result: not-a-virus:HEUR:RiskTool.Win32.BitMiner.genupdate: 20191020version: 1.0detected: True check_circle
Cybereason
result: malicious.02b124update: 20190616version: 1.2.449detected: True check_circle
ESET-NOD32
result: a variant of Win32/Agent.TKPupdate: 20191020version: 20209detected: True check_circle
TrendMicro
result: Coinminer_MALREP.THAAAEAHupdate: 20191020version: 11.0.0.1006detected: True check_circle
BitDefender
result: Gen:Variant.Ransom.Cerber.324update: 20191020version: 7.2detected: True check_circle
CrowdStrike
result: win/malicious_confidence_100% (D)update: 20190702version: 1.0detected: True check_circle
K7AntiVirus
result: Trojan ( 004889a31 )update: 20191020version: 11.73.32320detected: True check_circle
SentinelOne
result: DFI - Suspicious PEupdate: 20190807version: 1.0.31.22detected: True check_circle
Avast-Mobile
update: 20191012version: 191012-04detected: False cancel
Malwarebytes
result: Trojan.Downloaderupdate: 20191020version: 2.1.1.1115detected: True check_circle
TotalDefense
update: 20191020version: 37.1.62.1detected: False cancel
CAT-QuickHeal
result: Trojan.Wacatacupdate: 20191019version: 14.00detected: True check_circle
NANO-Antivirus
result: Trojan.Win32.Kryptik.fkcexsupdate: 20191020version: 1.0.134.24859detected: True check_circle
MicroWorld-eScan
result: Gen:Variant.Ransom.Cerber.324update: 20191020version: 14.0.297.0detected: True check_circle
SUPERAntiSpyware
update: 20191019version: 5.6.0.1032detected: False cancel
McAfee-GW-Edition
result: GenericRXGO-MJ!27CD0AB02B12update: 20191019version: v2017.3010detected: True check_circle
TrendMicro-HouseCall
result: Coinminer_MALREP.THAAAEAHupdate: 20191020version: 10.0.0.1040detected: True check_circle
total
69
sha256
defdfb21f88faa2c9c674737742f28c620c8939acd51ea237bfd54ac4a7d6656
scan_id
defdfb21f88faa2c9c674737742f28c620c8939acd51ea237bfd54ac4a7d6656-1571543260
resource
27cd0ab02b1244188ede241ea1e087f5
positives
51
scan_date
2019-10-20 03:47:40
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\malware.exe | |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\malware.exe | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\malware.exe | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.668 | Read | 1480 | C:\malware.exe | C:\malware.exe | |
| 21/11/2019 - 16:45:54.668 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.668 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.668 | Read | 1480 | C:\malware.exe | C:\malware.exe | |
| 21/11/2019 - 16:45:54.668 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\malware.exe | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Monitor | |
| 21/11/2019 - 16:45:54.668 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll | |
| 21/11/2019 - 16:45:54.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:54.731 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\PROPSYS.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:54.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | |
| 21/11/2019 - 16:45:54.731 | Unknown | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini | |
| 21/11/2019 - 16:45:54.731 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll | |
| 21/11/2019 - 16:45:54.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users\desktop.ini | |
| 21/11/2019 - 16:45:54.747 | Read | 1480 | C:\malware.exe | C:\Users\desktop.ini | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini | |
| 21/11/2019 - 16:45:54.747 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini | |
| 21/11/2019 - 16:45:54.747 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.747 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.747 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini | |
| 21/11/2019 - 16:45:54.747 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\apphelp.dll | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:54.762 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:54.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.28 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.28 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.28 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.43 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.43 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.43 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.43 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.43 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\twext.dll | |
| 21/11/2019 - 16:45:55.231 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/11/2019 - 16:45:55.231 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.231 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.231 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll | |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | |
| 21/11/2019 - 16:45:55.325 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll |
| 21/11/2019 - 16:45:55.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | |
| 21/11/2019 - 16:45:55.325 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\desktop.ini | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | |
| 21/11/2019 - 16:45:55.372 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | |
| 21/11/2019 - 16:45:55.372 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\ProgramData | |
| 21/11/2019 - 16:45:55.372 | Unknown | 1480 | C:\malware.exe | C:\ProgramData | |
| 21/11/2019 - 16:45:55.372 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\desktop.ini | |
| 21/11/2019 - 16:45:55.387 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft | |
| 21/11/2019 - 16:45:55.387 | Unknown | 1480 | C:\malware.exe | C:\ProgramData\Microsoft | |
| 21/11/2019 - 16:45:55.387 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows | |
| 21/11/2019 - 16:45:55.387 | Unknown | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows | |
| 21/11/2019 - 16:45:55.387 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | |
| 21/11/2019 - 16:45:55.387 | Read | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini | |
| 21/11/2019 - 16:45:55.387 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
| 21/11/2019 - 16:45:55.387 | Unknown | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs | |
| 21/11/2019 - 16:45:55.387 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.387 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.387 | Open | 1480 | C:\malware.exe | C:\ProgramData | |
| 21/11/2019 - 16:45:55.387 | Unknown | 1480 | C:\malware.exe | C:\ProgramData | |
| 21/11/2019 - 16:45:55.387 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\ProgramData\Microsoft | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | |
| 21/11/2019 - 16:45:55.403 | Read | 1480 | C:\malware.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\Users\Public\Desktop | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Users\Public\desktop.ini | |
| 21/11/2019 - 16:45:55.403 | Read | 1480 | C:\malware.exe | C:\Users\Public\desktop.ini | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Users\Public\Desktop\desktop.ini | |
| 21/11/2019 - 16:45:55.403 | Read | 1480 | C:\malware.exe | C:\Users\Public\Desktop\desktop.ini | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.403 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.512 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.512 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gameux.dll | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.622 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be | |
| 21/11/2019 - 16:45:55.622 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xmllite.dll | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\xmllite.dll | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wer.dll | |
| 21/11/2019 - 16:45:55.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wer.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Monitor\gameux.dll | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned | |
| 21/11/2019 - 16:45:55.637 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.637 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.637 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.637 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.637 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.637 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.637 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | |
| 21/11/2019 - 16:45:55.653 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | |
| 21/11/2019 - 16:45:55.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 21/11/2019 - 16:45:55.653 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll | |
| 21/11/2019 - 16:45:55.668 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.668 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.668 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.668 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:55.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:55.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:55.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:55.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.684 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 21/11/2019 - 16:45:55.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.684 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.700 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.700 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.700 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.700 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.731 | Open | 1480 | C:\malware.exe | C:\cscapi.dll | |
| 21/11/2019 - 16:45:55.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscapi.dll | |
| 21/11/2019 - 16:45:55.731 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscapi.dll | |
| 21/11/2019 - 16:45:55.747 | Open | 1480 | C:\malware.exe | C:\slc.dll | |
| 21/11/2019 - 16:45:55.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\slc.dll | |
| 21/11/2019 - 16:45:55.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\slc.dll | |
| 21/11/2019 - 16:45:55.747 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.747 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:55.747 | Open | 1480 | C:\malware.exe | C:\Users\Public | |
| 21/11/2019 - 16:45:55.747 | Unknown | 1480 | C:\malware.exe | C:\Users\Public | |
| 21/11/2019 - 16:45:55.747 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.809 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.809 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.809 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.825 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\synceng.dll | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\synceng.dll | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc | |
| 21/11/2019 - 16:45:55.840 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\linkinfo.dll | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\linkinfo.dll | |
| 21/11/2019 - 16:45:55.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\syncui.dll | |
| 21/11/2019 - 16:45:55.856 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/11/2019 - 16:45:55.856 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.856 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.856 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:55.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.856 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 21/11/2019 - 16:45:55.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.856 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.872 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.872 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.872 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64 | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.872 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.872 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.872 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.981 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:55.981 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sfc.dll | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sfc.dll | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\sfc_os.DLL | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sfc_os.dll | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sfc_os.dll | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msi.dll | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msi.dll | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll | |
| 21/11/2019 - 16:45:56.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll | |
| 21/11/2019 - 16:45:56.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\acppage.dll | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.106 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\FileMaps\users_behemot_appdata_roaming_microsoft_a851a1047c421b2c.cdf-ms | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\DEVRTL.dll | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\devrtl.dll | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\devrtl.dll | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\imageres.dll | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 21/11/2019 - 16:45:56.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\imageres.dll | |
| 21/11/2019 - 16:45:56.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\imageres.dll.mui | |
| 21/11/2019 - 16:45:56.309 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pt-BR\imageres.dll.mui | |
| 21/11/2019 - 16:45:56.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt\imageres.dll.mui | |
| 21/11/2019 - 16:45:56.309 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US | |
| 21/11/2019 - 16:45:56.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | |
| 21/11/2019 - 16:45:56.309 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\en-US\imageres.dll.mui | imageres.dll.mui |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\urlmon.dll | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\urlmon.dll | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Secur32.dll | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:56.356 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll | |
| 21/11/2019 - 16:45:56.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe:Zone.Identifier | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Monitor | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\ | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:45:56.418 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:45:56.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\ui\SwDRM.dll | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\Prefetch\WINDOWS-SEARCHENGINEE.EXE-371F48E4.pf | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\System32\wow64.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\System32\wow64.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\System32\wow64win.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\System32\wow64win.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\System32\wow64cpu.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\System32\wow64cpu.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\System32\wow64log.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows | |
| 21/11/2019 - 16:45:56.481 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Monitor | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\sechost.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\sechost.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\imm32.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\imm32.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\imm32.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\imm32.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\imm32.dll | |
| 21/11/2019 - 16:45:56.481 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\imm32.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Netapi32.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netapi32.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netapi32.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\netutils.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netutils.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netutils.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\srvcli.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\srvcli.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\srvcli.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\wkscli.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wkscli.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wkscli.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SAMCLI.DLL | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\samcli.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\samcli.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SAMLIB.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\samlib.dll | |
| 21/11/2019 - 16:45:56.497 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\samlib.dll | |
| 21/11/2019 - 16:45:56.512 | Unknown | 1480 | C:\malware.exe | C:\Windows | |
| 21/11/2019 - 16:45:56.512 | Unknown | 1480 | C:\malware.exe | C:\Monitor | |
| 21/11/2019 - 16:45:56.512 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:45:56.512 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be | |
| 21/11/2019 - 16:45:56.512 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc | |
| 21/11/2019 - 16:45:56.559 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | |
| 21/11/2019 - 16:45:56.559 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls |
| 21/11/2019 - 16:46:8.684 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:46:8.684 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:46:8.684 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:46:8.684 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:46:8.684 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:46:8.684 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:46:8.684 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:46:8.684 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | |
| 21/11/2019 - 16:46:8.731 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | Windows-SearchEnginee.exe |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:46:8.731 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:46:8.731 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\version.DLL | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\version.dll | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\version.dll | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Secur32.dll | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\secur32.dll | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\secur32.dll | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files | |
| 21/11/2019 - 16:46:8.731 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\api-ms-win-downlevel-advapi32-l2-1-0.dll | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | |
| 21/11/2019 - 16:46:8.731 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | |
| 21/11/2019 - 16:46:8.731 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\winhttp.dll | |
| 21/11/2019 - 16:46:8.731 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\winhttp.dll | |
| 21/11/2019 - 16:46:8.747 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\webio.dll | |
| 21/11/2019 - 16:46:8.747 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\webio.dll | |
| 21/11/2019 - 16:46:8.793 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History | |
| 21/11/2019 - 16:46:8.809 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5 | |
| 21/11/2019 - 16:46:8.809 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5 | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\mswsock.dll | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\mswsock.dll | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wship6.dll | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wship6.dll | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\IPHLPAPI.DLL | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\WINNSI.DLL | |
| 21/11/2019 - 16:46:8.856 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\winnsi.dll | |
| 21/11/2019 - 16:46:8.872 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\winnsi.dll | |
| 21/11/2019 - 16:46:8.872 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\api-ms-win-downlevel-shlwapi-l2-1-0.dll | |
| 21/11/2019 - 16:46:8.872 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | |
| 21/11/2019 - 16:46:8.872 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll |
| 21/11/2019 - 16:46:8.872 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | |
| 21/11/2019 - 16:46:8.872 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll |
| 21/11/2019 - 16:46:8.872 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\DNSAPI.dll | |
| 21/11/2019 - 16:46:8.872 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\dnsapi.dll | |
| 21/11/2019 - 16:46:8.872 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\dnsapi.dll | |
| 21/11/2019 - 16:46:8.981 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rpcss.dll | |
| 21/11/2019 - 16:46:8.981 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rpcss.dll | |
| 21/11/2019 - 16:46:9.28 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netprofm.dll | |
| 21/11/2019 - 16:46:9.28 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netprofm.dll | |
| 21/11/2019 - 16:46:9.28 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\nlaapi.dll | |
| 21/11/2019 - 16:46:9.28 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\nlaapi.dll | |
| 21/11/2019 - 16:46:9.75 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\dhcpcsvc6.DLL | |
| 21/11/2019 - 16:46:9.75 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | |
| 21/11/2019 - 16:46:9.75 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll |
| 21/11/2019 - 16:46:9.75 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | |
| 21/11/2019 - 16:46:9.75 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\dhcpcsvc.DLL | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\dhcpcsvc.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\dhcpcsvc.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\CRYPTSP.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\cryptsp.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\cryptsp.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.122 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rsaenh.dll | |
| 21/11/2019 - 16:46:9.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\RpcRtRemote.dll | |
| 21/11/2019 - 16:46:9.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | |
| 21/11/2019 - 16:46:9.137 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll |
| 21/11/2019 - 16:46:9.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | |
| 21/11/2019 - 16:46:9.137 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll |
| 21/11/2019 - 16:46:9.184 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\rasadhlp.dll | |
| 21/11/2019 - 16:46:9.184 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rasadhlp.dll | |
| 21/11/2019 - 16:46:9.184 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\rasadhlp.dll | |
| 21/11/2019 - 16:46:9.231 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\npmproxy.dll | |
| 21/11/2019 - 16:46:9.231 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\npmproxy.dll | |
| 21/11/2019 - 16:46:10.309 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/11/2019 - 16:46:10.309 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/11/2019 - 16:46:10.606 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL | |
| 21/11/2019 - 16:46:10.606 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe.Local | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:46:10.700 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\WindowsShell.Manifest | |
| 21/11/2019 - 16:46:10.700 | Unknown | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\ws2_32.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\ws2_32.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wship6.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wship6.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wship6.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/11/2019 - 16:46:10.700 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wshqos.dll | |
| 21/11/2019 - 16:47:16.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netprofm.dll | |
| 21/11/2019 - 16:47:16.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netprofm.dll | |
| 21/11/2019 - 16:47:16.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\nlaapi.dll | |
| 21/11/2019 - 16:47:16.137 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\nlaapi.dll | |
| 21/11/2019 - 16:47:16.325 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\npmproxy.dll | |
| 21/11/2019 - 16:47:16.325 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\npmproxy.dll | |
| 21/11/2019 - 16:47:17.512 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/11/2019 - 16:47:17.512 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/11/2019 - 16:48:52.840 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netprofm.dll | |
| 21/11/2019 - 16:48:52.840 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\netprofm.dll | |
| 21/11/2019 - 16:48:52.840 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\nlaapi.dll | |
| 21/11/2019 - 16:48:52.840 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\nlaapi.dll | |
| 21/11/2019 - 16:48:53.28 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\npmproxy.dll | |
| 21/11/2019 - 16:48:53.28 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\npmproxy.dll | |
| 21/11/2019 - 16:48:54.184 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wininet.dll | |
| 21/11/2019 - 16:48:54.184 | Open | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | C:\Windows\SysWOW64\wininet.dll |
Process
Trace
| 21/11/2019 - 16:45:56.418 | Create | 1480 | C:\malware.exe | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe |
Analysis
Reason
Timeout
Status
Sucessfully Executed
Results
1
Registry
Trace
| 21/11/2019 - 16:45:42.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\EngineIndicator | SearchID |
| 21/11/2019 - 16:45:55.372 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.372 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.372 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.387 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.637 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.653 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.653 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.653 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.653 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:55.809 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList |
| 21/11/2019 - 16:45:56.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass |
| 21/11/2019 - 16:45:56.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName |
| 21/11/2019 - 16:45:56.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet |
| 21/11/2019 - 16:45:56.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect |
| 21/11/2019 - 16:45:56.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass |
| 21/11/2019 - 16:45:56.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName |
| 21/11/2019 - 16:45:56.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet |
| 21/11/2019 - 16:45:56.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect |
| 21/11/2019 - 16:46:8.684 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Windows Search Indexer |
| 21/11/2019 - 16:46:8.731 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Windows Search Indexer |
| 21/11/2019 - 16:46:8.731 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer | ShellState |
| 21/11/2019 - 16:46:8.731 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\SuperHidden | UncheckedValue |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Hidden |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | ShowCompColor |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | HideFileExt |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | DontPrettyPath |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | ShowInfoTip |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | HideIcons |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | MapNetDrvBtn |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | WebView |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Filter |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SuperHidden |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SeparateProcess |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | AutoCheckSelect |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | IconsOnly |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | ShowTypeOverlay |
| 21/11/2019 - 16:46:8.793 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix |
| 21/11/2019 - 16:46:8.809 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix |
| 21/11/2019 - 16:46:8.809 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix |
| 21/11/2019 - 16:46:8.872 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable |
| 21/11/2019 - 16:46:8.872 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer |
| 21/11/2019 - 16:46:8.872 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride |
| 21/11/2019 - 16:46:8.872 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL |
| 21/11/2019 - 16:46:8.872 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect |
| 21/11/2019 - 16:46:8.872 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings |
| 21/11/2019 - 16:46:9.122 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass |
| 21/11/2019 - 16:46:9.122 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName |
| 21/11/2019 - 16:46:9.122 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet |
| 21/11/2019 - 16:46:9.122 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect |
| 21/11/2019 - 16:46:9.122 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass |
| 21/11/2019 - 16:46:9.122 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName |
| 21/11/2019 - 16:46:9.122 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet |
| 21/11/2019 - 16:46:9.122 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect |
| 21/11/2019 - 16:46:9.278 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:46:9.278 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:46:9.278 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:46:9.278 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName |
| 21/11/2019 - 16:46:10.559 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:46:10.559 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:46:10.559 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:46:10.559 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/11/2019 - 16:47:16.325 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:47:16.325 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:47:16.325 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:47:16.325 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName |
| 21/11/2019 - 16:47:17.622 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:47:17.622 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:47:17.622 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:47:17.622 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/11/2019 - 16:48:53.28 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:48:53.28 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:48:53.28 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:48:53.28 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName |
| 21/11/2019 - 16:48:54.340 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:48:54.340 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime |
| 21/11/2019 - 16:48:54.340 | Write | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision |
| 21/11/2019 - 16:48:54.340 | Delete | 804 | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows-SearchEnginee.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl |
File Summary
Created
Identified: True check_circle
Deleted
Identified: False cancel
Process Summary
Created
Identified: True check_circle
Deleted
Identified: False cancel
Registry Summary
Proxy
Identified: False cancel
AutoRun
Identified: False cancel
Created
Identified: True check_circle
Deleted
Identified: True check_circle
Browsers
Identified: False cancel
Internet
Identified: True check_circle
Loading...
DNS
Query
computer localhost arrow_forward computer gateway:DNS code timenowis1.top. computer localhost arrow_forward computer gateway:50273 code timenowis1.top.
Response
computer gateway:DNS arrow_forward computer localhost code timenowis1.top. reply_all 127.0.0.1
TCP
Info
UDP
Info
computer localhost:53 arrow_forward computer localhost:50273computer localhost:50273 arrow_forward computer localhost:53computer localhost:67 arrow_forward computer localhost:68computer localhost:68 arrow_forward help_outline 255.255.255.255:67
HTTP
Info
Summary
DNS
True check_circle
TCP
False cancel
UDP
True check_circle
HTTP
False cancel
Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%suspicious: True check_circle
Decision Tree (NFS-BRMalware)
confidence: 100.00%suspicious: True check_circle
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 97.72%suspicious: False cancel
MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 96.28%suspicious: True check_circle
Random Forest (100 estimators, NFS-BRMalware)
confidence: 70.50%suspicious: False cancel
Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 36.04%suspicious: True check_circle
LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.91%suspicious: True check_circle