Report #5619

  • Creation Date: Feb. 11, 2020, 5:46 p.m.
  • Last Update: Feb. 11, 2020, 7:48 p.m.
  • File: 2019_si_CPf-.exe
  • Results:
Binary
DLL: False
Size: 3.23MB
trid:
35.7% Win32 Executable
16.4% Win16/32 Executable Delphi generic
16.0% OS/2 Executable
15.8% Generic Win/DOS Executable
15.8% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 39bbb55a6c14cdaa1516dcb54b18a407
sha1: d9d951104cdc28d717e78db2f931efc73d6310f2
crc32: 0xb77be022
sha224: 78b45daace35c4e6a88550a4feb3b15880978245dffe9e657b1801dd
sha256: 1d78e662b543b0d0a440ac497d7fc9108c27641ff32b345c5d3f602e058c0371
sha384: e7c32efe5e099f3e9f758cf6c66b69c35edce05683c45e103dfaf6c3bbdcbdb51bb0603b343e2359e824bada47a92150
sha512: 1ecce2dbf18a007182edc564881045a7f4ad12edc74f85e09e27cfcf4c571600014db3c1ffbeef41e3afa7028f4581922c1f48266fb788e5548bf6a4135e1043
ssdeep: 49152:zWOMCWo/ZnSwuDoHPr/mFe2JPUWuH1LwiBPwzntiA9GLiogGsQG+z+e+bLwjcNag:zyRRDoHZ2rOeWPZFa2KL+cNl
Community
Google: False
HashLib: False
YARA
Matches: IsWindowsGUI, ASProtect_v12x_New_Strain_additional, ASProtect_v12x_New_Strain, ASProtect_133_21_Registered_Alexey_Solodovnikov, contentis_base64, ASProtectv12xNewStrain, ASProtect_133_21_Registered_Alexey_Solodovnikov_additional, SHA1_Constants, ASProtect_V2X_Registered_Alexey_Solodovnikov, HasDebugData, IsPacked, Microsoft_Visual_Basic_v50, ASProtect_v11_BRS, ASProtect13321RegisteredAlexeySolodovnikov, IsPE32, domain, VMProtect_1704_phpbb3

Suspicious: True

Strings
List

Foremost
Matches: 0.exe, 3 MB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

Files
Allowed: netapi32.dll, ole32.dll, wininet.dll, user32.dll, advapi32.dll, comctl32.dll, gdi32.dll, kernel32.dll, oleaut32.dll, version.dll, shell32.dll, msvcrt.dll
hasFiles: True
Suspicious: none
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16
Suspicious: False
Code
Size: 11333234
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack: 16384
Suspicious: False
Headers: 1536
Suspicious: False
Suspicious: False

Symbols
Number: 0
Suspicious: True
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: , , , , , , , , , , .rsrc, , .data, .adata
Suspicious: none
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 4096
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: netapi32.dll, ole32.dll, wininet.dll, user32.dll, advapi32.dll, comctl32.dll, gdi32.dll, kernel32.dll, oleaut32.dll, version.dll, shell32.dll, msvcrt.dll
hasLibs: True
Suspicious: none
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2019-07-17 14:03:27
Future: False

Compilation
Packed: True
Missing: False
Packers: ASProtect v1.2x, ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov
Compiled: False
Compilers
MainPacker: ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
none: 470
.rsrc: 1107

pushpopmath
none: 261
.rsrc: 609

ss register
none: 11
.rsrc: 17

garbagebytes
none: 188
.rsrc: 411

hookdetection
none: 19
.rsrc: 38

software breakpoint
none: 16
.rsrc: 40

fakeconditionaljumps
none: 17
.rsrc: 31

programcontrolflowchange
none: 172
.rsrc: 381

cpuinstructionsresultscomparison
.rsrc: 20

AVclass
banload: 1
VirusTotal
md5: 39bbb55a6c14cdaa1516dcb54b18a407
sha1: d9d951104cdc28d717e78db2f931efc73d6310f2
SCANS (DETECTION RATE = 54.17%)

| Engine | Result | Update | Version | Detected |
|---|---|---|---|---|
| AVG | Win32:Trojan-gen | 20190729 | 18.4.3895.0 | True |
| CMC | | 20190321 | 1.1.0.977 | False |
| MAX | malware (ai score=82) | 20190729 | 2018.9.12.1 | True |
| APEX | | 20190728 | 5.43 | False |
| Bkav | | 20190726 | 1.3.0.10239 | False |
| K7GW | Trojan-Downloader ( 005525331 ) | 20190728 | 11.58.31580 | True |
| ALYac | Gen:Variant.Ursu.499030 | 20190729 | 1.1.1.5 | True |
| Avast | Win32:Trojan-gen | 20190729 | 18.4.3895.0 | True |
| Avira | TR/Dldr.Banload.ugxfr | 20190729 | 8.3.3.8 | True |
| Baidu | | 20190318 | 1.0.0.2 | False |
| Cyren | | 20190729 | 6.2.0.1 | False |
| DrWeb | Trojan.DownLoader29.39453 | 20190729 | 7.0.40.6260 | True |
| GData | Gen:Variant.Ursu.499030 | 20190729 | A:25.22907B:25.15667 | True |
| Panda | Trj/CI.A | 20190728 | 4.6.4.2 | True |
| VBA32 | TScope.Malware-Cryptor.SB | 20190726 | 4.0.0 | True |
| VIPRE | | 20190728 | 76752 | False |
| Zoner | | 20190728 | 1.0.0.1 | False |
| ClamAV | | 20190728 | 0.101.2.0 | False |
| Comodo | | 20190729 | 31243 | False |
| F-Prot | | 20190729 | 4.7.1.166 | False |
| Ikarus | Trojan-Downloader.Win32.Banload | 20190728 | 0.1.5.2 | True |
| McAfee | Artemis!39BBB55A6C14 | 20190728 | 6.0.6.653 | True |
| Rising | | 20190728 | 25.0.0.24 | False |
| Sophos | Mal/Generic-S | 20190728 | 4.98.0 | True |
| Yandex | | 20190728 | 5.5.2.24 | False |
| Zillya | | 20190726 | 2.0.0.3862 | False |
| Acronis | | 20190728 | 1.0.1.51 | False |
| Alibaba | TrojanBanker:Win32/Ghoul.dc585832 | 20190527 | 0.3.0.5 | True |
| Arcabit | Trojan.Ursu.D79D56 | 20190729 | 1.0.0.850 | True |
| Cylance | Unsafe | 20190729 | 2.3.1.101 | True |
| Endgame | | 20190522 | 3.0.12 | False |
| FireEye | Generic.mg.39bbb55a6c14cdaa | 20190729 | 29.7.0.0 | True |
| TACHYON | | 20190728 | 2019-07-28.02 | False |
| Tencent | Win32.Trojan-banker.Ghoul.Lmlf | 20190729 | 1.0.0.1 | True |
| ViRobot | Trojan.Win32.Z.Ursu.3386880 | 20190728 | 2014.3.20.0 | True |
| Webroot | | 20190729 | 1.0.0.403 | False |
| eGambit | | 20190729 | v4.3.6 | False |
| Ad-Aware | Gen:Variant.Ursu.499030 | 20190729 | 3.0.5.370 | True |
| AegisLab | Trojan.Win32.Ursu.4!c | 20190729 | 4.2 | True |
| Emsisoft | Gen:Variant.Ursu.499030 (B) | 20190729 | 2018.12.0.1641 | True |
| F-Secure | Trojan.TR/Dldr.Banload.ugxfr | 20190729 | 12.0.86.52 | True |
| Fortinet | W32/Banload.YKN!tr.dldr | 20190729 | 5.4.247.0 | True |
| Invincea | | 20190717 | 6.3.6.26157 | False |
| Jiangmin | | 20190728 | 16.0.100 | False |
| Kingsoft | | 20190729 | 2013.8.14.323 | False |
| Paloalto | generic.ml | 20190729 | 1.0 | True |
| Symantec | Trojan.Gen.2 | 20190728 | 1.9.0.0 | True |
| Trapmine | | 20190522 | 3.1.62.789 | False |
| AhnLab-V3 | | 20190729 | 3.15.3.24531 | False |
| Antiy-AVL | | 20190729 | 3.0.0.1 | False |
| Kaspersky | Trojan-Banker.Win32.Ghoul.att | 20190728 | 15.0.1.13 | True |
| MaxSecure | Trojan.Malware.74451188.susgen | 20190728 | 1.0.0.1 | True |
| Microsoft | Trojan:Win32/Tiggre!rfn | 20190728 | 1.1.16200.1 | True |
| Qihoo-360 | | 20190729 | 1.0.0.1120 | False |
| Trustlook | | 20190729 | 1.0 | False |
| ZoneAlarm | Trojan-Banker.Win32.Ghoul.att | 20190728 | 1.0 | True |
| Cybereason | | 20190616 | 1.2.449 | False |
| ESET-NOD32 | a variant of Win32/TrojanDownloader.Banload.YKN | 20190728 | 19761 | True |
| TrendMicro | TROJ_GEN.R011C0WGO19 | 20190728 | 11.0.0.1006 | True |
| BitDefender | Gen:Variant.Ursu.499030 | 20190729 | 7.2 | True |
| CrowdStrike | win/malicious_confidence_60% (W) | 20190212 | 1.0 | True |
| K7AntiVirus | Trojan-Downloader ( 005525331 ) | 20190728 | 11.58.31580 | True |
| SentinelOne | DFI - Suspicious PE | 20190604 | 1.0.27.333 | True |
| Avast-Mobile | | 20190728 | 190728-00 | False |
| Malwarebytes | | 20190728 | 2.1.1.1115 | False |
| TotalDefense | | 20190728 | 37.1.62.1 | False |
| CAT-QuickHeal | | 20190728 | 14.00 | False |
| NANO-Antivirus | | 20190728 | 1.0.134.24859 | False |
| MicroWorld-eScan | Gen:Variant.Ursu.499030 | 20190728 | 14.0.297.0 | True |
| SUPERAntiSpyware | | 20190726 | 5.6.0.1032 | False |
| McAfee-GW-Edition | BehavesLike.Win32.AdwareFileTour.wc | 20190728 | v2017.3010 | True |
| TrendMicro-HouseCall | TROJ_GEN.R011C0WGO19 | 20190728 | 10.0.0.1040 | True |

total: 72
sha256: 1d78e662b543b0d0a440ac497d7fc9108c27641ff32b345c5d3f602e058c0371
scan_id: 1d78e662b543b0d0a440ac497d7fc9108c27641ff32b345c5d3f602e058c0371-1564385487
resource: 39bbb55a6c14cdaa1516dcb54b18a407
positives: 39
scan_date: 2019-07-29 07:31:27
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.747Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.747Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_5FA8E5E800867BF860DF5E533E701BAF
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.747Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.747Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\85B3F147E3624A14E6A20DB4F6C2C5D9
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\SensApi.dll
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
11/2/2020 - 18:47:45.747Open652C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
11/2/2020 - 18:47:45.809Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.809Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.809Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.809Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:45.809Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:45.809Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:45.856Open652C:\malware.exeC:\WINHTTP.dll
11/2/2020 - 18:47:45.856Open652C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
11/2/2020 - 18:47:45.856Open652C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
11/2/2020 - 18:47:45.856Open652C:\malware.exeC:\webio.dll
11/2/2020 - 18:47:45.856Open652C:\malware.exeC:\Windows\SysWOW64\webio.dll
11/2/2020 - 18:47:45.856Open652C:\malware.exeC:\Windows\SysWOW64\webio.dll
11/2/2020 - 18:47:45.856Open652C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
11/2/2020 - 18:47:46.43Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.43Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.43Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.43Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.43Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Read652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Read652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Read652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_CD39E14A225A5AF41AE2F79A9C31EC2F
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.106Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\521F25E202FF760B8461B88413F425E7
11/2/2020 - 18:47:46.153Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.153Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.153Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.153Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.153Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.153Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.293Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.293Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.293Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.293Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.293Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
11/2/2020 - 18:47:46.340Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Read652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Read652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Read652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Write652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.340Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387CBE8B021F9E811DFC8C8A28572A17C05A_F4F1E9EECDF2FE429E1014B21486387C
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\syswow64\pt\KERNELBASE.dll.mui
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\SysWOW64\en\KERNELBASE.dll.mui
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\netmsg.dll
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\SysWOW64\netmsg.dll
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\SysWOW64\netmsg.dll
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Monitor
11/2/2020 - 18:47:46.387Unknown652C:\malware.exeC:\Monitor
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\FLab.exe
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\PROPSYS.dll
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\SysWOW64\propsys.dll
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\SysWOW64\propsys.dll
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\SysWOW64\shell32.dll
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\malware.exe.Local
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/2/2020 - 18:47:46.387Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\
11/2/2020 - 18:47:46.387Unknown652C:\malware.exeC:\
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\desktop.ini
11/2/2020 - 18:47:46.387Read652C:\malware.exeC:\Users\desktop.ini
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users
11/2/2020 - 18:47:46.387Unknown652C:\malware.exeC:\Users
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot
11/2/2020 - 18:47:46.387Unknown652C:\malware.exeC:\Users\Behemot
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot\AppData
11/2/2020 - 18:47:46.387Unknown652C:\malware.exeC:\Users\Behemot\AppData
11/2/2020 - 18:47:46.387Open652C:\malware.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 18:47:46.387Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\apphelp.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.403Unknown652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\
11/2/2020 - 18:47:46.403Unknown652C:\malware.exeC:\
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows
11/2/2020 - 18:47:46.403Unknown652C:\malware.exeC:\Windows
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.403Unknown652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.403Unknown652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wininet.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wininet.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Read652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.403Read652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.418Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.418Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.418Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.418Open652C:\malware.exeC:\Windows\SysWOW64\wpdshext.dll
11/2/2020 - 18:47:46.434Open652C:\malware.exeC:\Windows\SysWOW64\winmm.dll
11/2/2020 - 18:47:46.434Open652C:\malware.exeC:\Windows\SysWOW64\winmm.dll
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\malware.exe.Local
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/2/2020 - 18:47:46.450Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.450Unknown652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.450Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\
11/2/2020 - 18:47:46.465Unknown652C:\malware.exeC:\
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows
11/2/2020 - 18:47:46.465Unknown652C:\malware.exeC:\Windows
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.465Unknown652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.465Unknown652C:\malware.exeC:\Windows\SysWOW64
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Read652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Read652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.465Open652C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/2/2020 - 18:47:46.481Open652C:\malware.exeC:\Windows\SysWOW64\shell32.dll
11/2/2020 - 18:47:46.481Open652C:\malware.exeC:\Windows\SysWOW64\shell32.dll
Time  Op  PID  Process  Path
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\AppPatch\sysmain.sdb
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64
11/2/2020 - 18:47:46.481  Unknown  652  C:\malware.exe  C:\Windows\SysWOW64
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\
11/2/2020 - 18:47:46.481  Unknown  652  C:\malware.exe  C:\
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows
11/2/2020 - 18:47:46.481  Unknown  652  C:\malware.exe  C:\Windows
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64
11/2/2020 - 18:47:46.481  Unknown  652  C:\malware.exe  C:\Windows\SysWOW64
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64
11/2/2020 - 18:47:46.481  Unknown  652  C:\malware.exe  C:\Windows\SysWOW64
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.481  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.575  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.575  Read  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.590  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.606  Unknown  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
11/2/2020 - 18:47:46.606  Unknown  652  C:\malware.exe  C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll  api-ms-win-downlevel-shell32-l1-1-0.dll
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
11/2/2020 - 18:47:46.606  Unknown  652  C:\malware.exe  C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll  api-ms-win-downlevel-shell32-l1-1-0.dll
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\Windows\SysWOW64\ieframe.dll
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\malware.exe.Local
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/2/2020 - 18:47:46.606  Unknown  652  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\
11/2/2020 - 18:47:46.606  Unknown  652  C:\malware.exe  C:\
11/2/2020 - 18:47:46.606  Open  652  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\FLab.exe
11/2/2020 - 18:47:46.606  Unknown  652  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Time  Op  PID  Process  Key  Value
11/2/2020 - 18:47:44.778  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings  ProxyEnable
11/2/2020 - 18:47:44.778  Delete  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings  ProxyServer
11/2/2020 - 18:47:44.778  Delete  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings  ProxyOverride
11/2/2020 - 18:47:44.778  Delete  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings  AutoConfigURL
11/2/2020 - 18:47:44.778  Delete  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings  AutoDetect
11/2/2020 - 18:47:44.778  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections  SavedLegacySettings
11/2/2020 - 18:47:45.43  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content  CachePrefix
11/2/2020 - 18:47:45.43  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies  CachePrefix
11/2/2020 - 18:47:45.43  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History  CachePrefix
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecisionReason
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecisionTime
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecision
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDetectedUrl
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  ProxyBypass
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  IntranetName
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  UNCAsIntranet
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  AutoDetect
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  ProxyBypass
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  IntranetName
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  UNCAsIntranet
11/2/2020 - 18:47:45.200  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap  AutoDetect
11/2/2020 - 18:47:45.731  Write  652  C:\malware.exe  HKCU\Local Settings\MuiCache\5\96383CDB  LanguageList
11/2/2020 - 18:47:45.731  Write  652  C:\malware.exe  HKCU\Local Settings\MuiCache\5\96383CDB  LanguageList
11/2/2020 - 18:47:45.731  Write  652  C:\malware.exe  HKCU\Local Settings\MuiCache\5\96383CDB  LanguageList
11/2/2020 - 18:47:45.731  Write  652  C:\malware.exe  HKCU\Local Settings\MuiCache\5\96383CDB  LanguageList
11/2/2020 - 18:47:45.731  Write  652  C:\malware.exe  HKCU\Local Settings\MuiCache\5\96383CDB  LanguageList
11/2/2020 - 18:47:45.747  Delete  652  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates  75E0ABB6138512271C04F85FDDDE38E4B7242EFE
11/2/2020 - 18:47:45.747  Write  652  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE  Blob
11/2/2020 - 18:47:45.747  Delete  652  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates  75E0ABB6138512271C04F85FDDDE38E4B7242EFE
11/2/2020 - 18:47:45.747  Write  652  C:\malware.exe  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE  Blob
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}  WpadDecisionReason
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}  WpadDecisionTime
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}  WpadDecision
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}  WpadNetworkName
11/2/2020 - 18:47:46.715  Delete  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}  WpadDetectedUrl
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecisionReason
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecisionTime
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecision
11/2/2020 - 18:47:46.715  Delete  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDetectedUrl
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecisionReason
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecisionTime
11/2/2020 - 18:47:46.715  Write  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDecision
11/2/2020 - 18:47:46.715  Delete  652  C:\malware.exe  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3  WpadDetectedUrl

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: True check_circle

Browsers
Identified: False cancel

Internet
Identified: True check_circle


DNS
Query
localhost -> gateway:50273  drive.google.com.
localhost -> gateway:DNS  drive.google.com.
localhost -> gateway:DNS  ocsp.pki.goog.

Response
gateway:DNS -> localhost  drive.google.com.  reply: 172.217.29.174
gateway:DNS -> localhost  ocsp.pki.goog.  reply: 216.58.202.131

TCP
Info
216.58.202.131:80 -> localhost:65192
localhost:65191 -> 172.217.29.174:443
localhost:65192 -> 216.58.202.131:80
172.217.29.174:443 -> localhost:65191

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67 (broadcast)

HTTP
Info
localhost  GET  ocsp.pki.goog  /gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBi17v2iewEJCAAAAAAqstc%3D
localhost  GET  ocsp.pki.goog  /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
True check_circle

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 81.51%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 77.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 51.82%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 91.31%
suspicious: False cancel
