Report #5630

Binary
DLL
False
Size
1.15MB
trid
50.1% Win32 EXE PECompact compressed
35.3% Win32 EXE PECompact compressed
5.5% Win32 Dynamic Link Library
3.8% Win32 Executable
1.7% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
09fc397016b4a0d73a45716dd7b564c2
sha1
4821cd55925f90ddc6bcc7bbef763797e11eb95e
crc32
0xb48b5e07
sha224
428e08ca8ee8a6e187962f7a0a5c99fb6c83a8eaf4d7f630d6694021
sha256
bcfdb04eb66a5c1eda4d9f79f838f97ca98a01a1cf54c5e76a3eadab317c7ef5
sha384
e724452884a411402ef106970b36986956984e51b915b7eddfa13953f00f42a7758c87eec355314c31258d9c7a1b4064
sha512
968bbea8b65733f276686994d42348dcceaa971f06884f91e59e3d6991d10cac69abeece0a05cc69b2a6da4d33ae48c9d44116e9414be1db4db0012c9bd5bd21
ssdeep
24576:BDEXDaOHeWtIJw8uUWeV0j/yoBouGAsrnfWEXOgafeqntmD97NHSxA:BDZOZUWeV07yzuSLWGufeitErD
Community
Google
False
HashLib
False
YARA
Matches
domain, PECompact_2x_Jeremy_Collake, PECompact_v20_additional, PECompact_v20, PECompact_V2X_Bitsum_Technologies_additional, HasRichSignature, PECompact_20x_Heuristic_Mode_Jeremy_Collake, HasOverlay, PECompact_v2xx_additional, PECompactv2xx, IsPE32, PeCompact_v208_Bitsum_Technologiessignature_by_loveboom, PECompact2xxBitSumTechnologies, PECompact_v2xx, PeCompact_2xx_BitSum_Technologies, IP, contentis_base64, IsPacked, PeCompact_253_DLL_BitSum_Technologies_additional, IsWindowsGUI, PECompactV2XBitsumTechnologies, HasDigitalSignature, PECompact_2xx_BitSum_Technologies, PeCompact_253_DLL_BitSum_Technologies, pecompact2, url, PECompact_V2X_Bitsum_Technologies

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 1 MB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: http://crl4.digicert.com/sha2-assured-ts.crl0, http://crl3.digicert.com/digicerthighassuranceevrootca.crl0@, http://cacerts.digicert.com/digicertsha2assuredidtimestampingca.crt0, http://crl4.digicert.com/digicerthighassuranceevrootca.crl0, http://ocsp.digicert.com0c, http://ocsp.digicert.com0h, http://ocsp.digicert.com0o, https://www.digicert.com/cps0, http://crl3.digicert.com/digicertassuredidrootca.crl0p, http://ocsp.digicert.com0i, http://cacerts.digicert.com/digicertevcodesigningca-sha2.crt0, http://crl4.digicert.com/digicertassuredidrootca.crl0:, http://cacerts.digicert.com/digicertassuredidrootca.crt0, http://cacerts.digicert.com/digicerthighassuranceevrootca.crt0, http://crl3.digicert.com/sha2-assured-ts.crl02, http://crl4.digicert.com/evcodesigningsha2-g1.crl0k, http://crl3.digicert.com/evcodesigningsha2-g1.crl07, http://www.digicert.com/ssl-cps-repository.htm0
hasAllowed: False
hasSuspicious: True

Files
Allowed: ADVAPI32.dll, OLEAUT32.dll, COMCTL32.dll, ole32.dll, SHLWAPI.dll, gdiplus.dll, GDI32.dll, kernel32.dll, SHELL32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2348544
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 1239564
Suspicious: False

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 5.1
Suspicious: False
Suspicious: False

EntryPoint
Address: 4096
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: advapi32.dll, oleaut32.dll, comctl32.dll, ole32.dll, shlwapi.dll, gdiplus.dll, gdi32.dll, kernel32.dll, shell32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2019-07-29 08:10:10
Future: False

Compilation
Packed: True
Missing: False
Packers: PECompact 2.x -> Jeremy Collake, PECompact v2.0, PeCompact 2.53 DLL --> BitSum Technologies, PECompact 2.0x Heuristic Mode -> Jeremy Collake
Compiled: False
Compilers
MainPacker: PECompact 2.xx --> BitSum Technologies

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 1
.text: 596

pushpopmath
.rsrc: 3
.text: 327

ss register
.text: 16

garbagebytes
.rsrc: 1
.text: 205

hookdetection
.text: 19

software breakpoint
.text: 20

fakeconditionaljumps
.text: 13

programcontrolflowchange
.rsrc: 1
.text: 192

cpuinstructionsresultscomparison
.rsrc: 13

AVclass
None
1
VirusTotal
md5
09fc397016b4a0d73a45716dd7b564c2
sha1
4821cd55925f90ddc6bcc7bbef763797e11eb95e
SCANS (DETECTION RATE = 0.00%)
Engine | Update | Version | Detected
AVG | 20200116 | 18.4.3895.0 | False
CMC | 20190321 | 1.1.0.977 | False
MAX | 20200117 | 2019.9.16.1 | False
APEX | 20200116 | 5.106 | False
Bkav | 20200116 | 1.3.0.9899 | False
K7GW | 20200116 | 11.86.33066 | False
ALYac | 20200116 | 1.1.1.5 | False
Avast | 20200116 | 18.4.3895.0 | False
Baidu | 20190318 | 1.0.0.2 | False
Cyren | 20200116 | 6.2.2.2 | False
DrWeb | 20200116 | 7.0.44.12030 | False
GData | 20200116 | A:25.24593B:26.17385 | False
Panda | 20200116 | 4.6.4.2 | False
VBA32 | 20200116 | 4.3.0 | False
VIPRE | 20200116 | 80832 | False
Zoner | 20200116 | 1.0.0.1 | False
ClamAV | 20200116 | 0.102.1.0 | False
Comodo | 20200116 | 31971 | False
F-Prot | 20200116 | 4.7.1.166 | False
Ikarus | 20200116 | 0.1.5.2 | False
McAfee | 20200116 | 6.0.6.653 | False
Rising | 20200116 | 25.0.0.24 | False
Sophos | 20200116 | 4.98.0 | False
Yandex | 20200116 | 5.5.2.24 | False
Zillya | 20200115 | 2.0.0.3998 | False
Acronis | 20200113 | 1.1.1.58 | False
Alibaba | 20190527 | 0.3.0.5 | False
Arcabit | 20200116 | 1.0.0.869 | False
Cylance | 20200117 | 2.3.1.101 | False
Endgame | 20190918 | 3.0.15 | False
FireEye | 20200116 | 29.7.0.0 | False
Sangfor | 20200114 | 1.0 | False
TACHYON | 20200116 | 2020-01-16.03 | False
Tencent | 20200117 | 1.0.0.1 | False
ViRobot | 20200116 | 2014.3.20.0 | False
Webroot | 20200117 | 1.0.0.403 | False
eGambit | 20200117 | | False
Ad-Aware | 20200116 | 3.0.5.370 | False
AegisLab | 20200116 | 4.2 | False
Emsisoft | 20200116 | 2018.12.0.1641 | False
F-Secure | 20200116 | 12.0.86.52 | False
Fortinet | 20200116 | 6.2.137.0 | False
Invincea | 20191211 | 6.3.6.26157 | False
Jiangmin | 20200116 | 16.0.100 | False
Kingsoft | 20200117 | 2013.8.14.323 | False
Paloalto | 20200117 | 1.0 | False
Symantec | 20200116 | 1.11.0.0 | False
Trapmine | 20191216 | 3.2.16.890 | False
AhnLab-V3 | 20200116 | 3.17.0.26111 | False
Antiy-AVL | 20200116 | 3.0.0.1 | False
Kaspersky | 20200116 | 15.0.1.13 | False
Microsoft | 20200114 | 1.1.16600.7 | False
Qihoo-360 | 20200117 | 1.0.0.1120 | False
ZoneAlarm | 20200116 | 1.0 | False
Cybereason | 20190616 | 1.2.449 | False
ESET-NOD32 | 20200116 | 20684 | False
TrendMicro | 20200116 | 11.0.0.1006 | False
BitDefender | 20200116 | 7.2 | False
CrowdStrike | 20190702 | 1.0 | False
K7AntiVirus | 20200116 | 11.86.33064 | False
SentinelOne | 20191218 | 1.12.1.57 | False
Avast-Mobile | 20200114 | 200114-00 | False
CAT-QuickHeal | 20200116 | 14.00 | False
NANO-Antivirus | 20200116 | 1.0.134.25031 | False
BitDefenderTheta | 20200113 | 7.2.37796.0 | False
MicroWorld-eScan | 20200116 | 14.0.297.0 | False
SUPERAntiSpyware | 20200112 | 5.6.0.1032 | False
McAfee-GW-Edition | 20200116 | v2017.3010 | False
TrendMicro-HouseCall | 20200116 | 10.0.0.1040 | False

total
69
sha256
bcfdb04eb66a5c1eda4d9f79f838f97ca98a01a1cf54c5e76a3eadab317c7ef5
scan_id
bcfdb04eb66a5c1eda4d9f79f838f97ca98a01a1cf54c5e76a3eadab317c7ef5-1579218933
resource
09fc397016b4a0d73a45716dd7b564c2
positives
0
scan_date
2020-01-16 23:55:33
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
11/2/2020 - 19:45:48.934Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\160[1]160[1]
11/2/2020 - 19:45:48.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\160[1]
11/2/2020 - 19:45:48.934Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\160[1]160[1]
11/2/2020 - 19:45:48.934Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
11/2/2020 - 19:45:48.934Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/2/2020 - 19:45:48.997Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:48.997Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:48.997Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:48.997Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:48.997Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:48.997Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:48.997Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:48.997Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:48.997Open1480C:\malware.exeC:\malware.exe:Zone.Identifier
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\Fonts\StaticCache.dat
11/2/2020 - 19:45:49.12Read1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\msxml3.dll
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\msxml3.dll
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\msxml3r.dll
11/2/2020 - 19:45:49.12Open1480C:\malware.exeC:\Windows\SysWOW64\msxml3r.dll
11/2/2020 - 19:45:49.12Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.logAdobe_ADM.log
11/2/2020 - 19:45:49.28 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.log | Adobe_ADM.log
11/2/2020 - 19:45:49.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:49.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:49.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:49.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
11/2/2020 - 19:45:49.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
11/2/2020 - 19:45:49.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
11/2/2020 - 19:45:49.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
11/2/2020 - 19:45:49.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
11/2/2020 - 19:45:49.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
11/2/2020 - 19:45:49.200 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
11/2/2020 - 19:45:49.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msimtf.dll
11/2/2020 - 19:45:49.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msimtf.dll
11/2/2020 - 19:45:49.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
11/2/2020 - 19:45:49.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\sxs.dll
11/2/2020 - 19:45:49.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mlang.dll
11/2/2020 - 19:45:49.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mlang.dll
11/2/2020 - 19:45:49.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
11/2/2020 - 19:45:49.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
11/2/2020 - 19:45:49.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\jscript9.dll
11/2/2020 - 19:45:49.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\jscript9.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d2d1.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d2d1.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DWrite.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DWrite.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxgi.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxgi.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:49.559 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\DXGIDebug.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DXGIDebug.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\DXGIDebug.dll
11/2/2020 - 19:45:49.559 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:49.559 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:49.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d11.dll
11/2/2020 - 19:45:49.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d11.dll
11/2/2020 - 19:45:49.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d10warp.dll
11/2/2020 - 19:45:49.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d10warp.dll | d3d10warp.dll
11/2/2020 - 19:45:49.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d10warp.dll
11/2/2020 - 19:45:49.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d10warp.dll | d3d10warp.dll
11/2/2020 - 19:45:49.606 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:49.606 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:49.606 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:49.606 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:49.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d10warp.dll
11/2/2020 - 19:45:49.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d10warp.dll | d3d10warp.dll
11/2/2020 - 19:45:49.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d10warp.dll
11/2/2020 - 19:45:49.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\d3d10warp.dll | d3d10warp.dll
11/2/2020 - 19:45:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msls31.dll
11/2/2020 - 19:45:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\msls31.dll
11/2/2020 - 19:45:49.668 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxtrans.dll
11/2/2020 - 19:45:49.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxtrans.dll
11/2/2020 - 19:45:49.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\atl.dll
11/2/2020 - 19:45:49.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\atl.dll
11/2/2020 - 19:45:49.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ddrawex.dll
11/2/2020 - 19:45:49.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ddrawex.dll
11/2/2020 - 19:45:49.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ddraw.dll
11/2/2020 - 19:45:49.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ddraw.dll
11/2/2020 - 19:45:50.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dciman32.dll
11/2/2020 - 19:45:50.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dciman32.dll
11/2/2020 - 19:45:50.184 | Open | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.184 | Read | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ddraw.dll
11/2/2020 - 19:45:50.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ddraw.dll
11/2/2020 - 19:45:50.184 | Open | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.184 | Read | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.184 | Unknown | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.231 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.231 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.231 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxtmsft.dll
11/2/2020 - 19:45:50.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxtmsft.dll
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.934 | Read | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ddraw.dll
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ddraw.dll
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.934 | Read | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.934 | Unknown | 1480 | C:\malware.exe | C:\Windows\win.ini
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.934 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.934 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxtmsft.dll
11/2/2020 - 19:45:50.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxtmsft.dll
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\kernel32.dll
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\kernel32.dll
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
11/2/2020 - 19:45:50.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\stdole2.tlb
11/2/2020 - 19:45:50.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxtrans.dll
11/2/2020 - 19:45:50.934 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dxtrans.dll
11/2/2020 - 19:45:50.950 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Open | 1480 | C:\malware.exe | C:\malware.exe:Zone.Identifier
11/2/2020 - 19:45:50.950 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:50.950 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/2/2020 - 19:45:51.106 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\warning_icon_200.png
11/2/2020 - 19:45:51.106 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\warning_icon_200.png | warning_icon_200.png
11/2/2020 - 19:45:51.106 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\warning_icon_200.png | warning_icon_200.png
11/2/2020 - 19:45:51.106 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\warning_icon_200.png
11/2/2020 - 19:45:51.106 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\warning_icon_200.png | warning_icon_200.png
11/2/2020 - 19:45:51.106 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_200.png
11/2/2020 - 19:45:51.106 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_200.png | status_icon_caution_200.png
11/2/2020 - 19:45:51.106 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_200.png | status_icon_caution_200.png
11/2/2020 - 19:45:51.106 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_200.png
11/2/2020 - 19:45:51.106 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_200.png | status_icon_caution_200.png
11/2/2020 - 19:45:51.106 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_100.png
11/2/2020 - 19:45:51.153 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_100.png | status_icon_caution_100.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_100.png | status_icon_caution_100.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_100.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_100.png | status_icon_caution_100.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_125.png
11/2/2020 - 19:45:51.153 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_125.png | status_icon_caution_125.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_125.png | status_icon_caution_125.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_125.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_125.png | status_icon_caution_125.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_150.png
11/2/2020 - 19:45:51.153 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_150.png | status_icon_caution_150.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_150.png | status_icon_caution_150.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_150.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_caution_150.png | status_icon_caution_150.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_200.png
11/2/2020 - 19:45:51.153 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_200.png | status_icon_x_200.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_200.png | status_icon_x_200.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_200.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_200.png | status_icon_x_200.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_100.png
11/2/2020 - 19:45:51.153 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_100.png | status_icon_x_100.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_100.png | status_icon_x_100.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_100.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_100.png | status_icon_x_100.png
11/2/2020 - 19:45:51.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_125.png
11/2/2020 - 19:45:51.153 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_125.png | status_icon_x_125.png
11/2/2020 - 19:45:51.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_125.png | status_icon_x_125.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_125.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_125.pngstatus_icon_x_125.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_150.png
11/2/2020 - 19:45:51.153Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_150.pngstatus_icon_x_150.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_150.pngstatus_icon_x_150.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_150.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_x_150.pngstatus_icon_x_150.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_200.png
11/2/2020 - 19:45:51.153Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_200.pngstatus_icon_check_200.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_200.pngstatus_icon_check_200.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_200.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_200.pngstatus_icon_check_200.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_100.png
11/2/2020 - 19:45:51.153Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_100.pngstatus_icon_check_100.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_100.pngstatus_icon_check_100.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_100.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_100.pngstatus_icon_check_100.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_125.png
11/2/2020 - 19:45:51.153Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_125.pngstatus_icon_check_125.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_125.pngstatus_icon_check_125.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_125.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_125.pngstatus_icon_check_125.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_150.png
11/2/2020 - 19:45:51.153Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_150.pngstatus_icon_check_150.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_150.pngstatus_icon_check_150.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_150.png
11/2/2020 - 19:45:51.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\status_icon_check_150.pngstatus_icon_check_150.png
11/2/2020 - 19:45:51.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_200.png
11/2/2020 - 19:45:51.215Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_200.pngprogressbar_darkgray_base_200.png
11/2/2020 - 19:45:51.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_200.pngprogressbar_darkgray_base_200.png
11/2/2020 - 19:45:51.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_200.png
11/2/2020 - 19:45:51.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_200.pngprogressbar_darkgray_base_200.png
11/2/2020 - 19:45:51.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_100.png
11/2/2020 - 19:45:51.215Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_100.pngprogressbar_darkgray_base_100.png
11/2/2020 - 19:45:51.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_100.pngprogressbar_darkgray_base_100.png
11/2/2020 - 19:45:51.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_100.png
11/2/2020 - 19:45:51.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_darkgray_base_100.pngprogressbar_darkgray_base_100.png
11/2/2020 - 19:45:51.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_200.png
11/2/2020 - 19:45:51.215Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_200.pngprogressbar_blue_active_200.png
11/2/2020 - 19:45:51.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_200.pngprogressbar_blue_active_200.png
11/2/2020 - 19:45:51.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_200.png
11/2/2020 - 19:45:51.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_200.pngprogressbar_blue_active_200.png
11/2/2020 - 19:45:51.215Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_100.png
11/2/2020 - 19:45:51.262Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_100.pngprogressbar_blue_active_100.png
11/2/2020 - 19:45:51.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_100.pngprogressbar_blue_active_100.png
11/2/2020 - 19:45:51.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_100.png
11/2/2020 - 19:45:51.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_100.pngprogressbar_blue_active_100.png
11/2/2020 - 19:45:51.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_125.png
11/2/2020 - 19:45:51.309Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_125.pngprogressbar_blue_active_125.png
11/2/2020 - 19:45:51.309Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_125.pngprogressbar_blue_active_125.png
11/2/2020 - 19:45:51.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_125.png
11/2/2020 - 19:45:51.309Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_125.pngprogressbar_blue_active_125.png
11/2/2020 - 19:45:51.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_150.png
11/2/2020 - 19:45:51.309Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_150.pngprogressbar_blue_active_150.png
11/2/2020 - 19:45:51.309Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_150.pngprogressbar_blue_active_150.png
11/2/2020 - 19:45:51.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_150.png
11/2/2020 - 19:45:51.309Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_blue_active_150.pngprogressbar_blue_active_150.png
11/2/2020 - 19:45:51.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\transparent.gif
11/2/2020 - 19:45:51.309Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\transparent.giftransparent.gif
11/2/2020 - 19:45:51.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\transparent.gif
11/2/2020 - 19:45:51.309Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\transparent.giftransparent.gif
11/2/2020 - 19:45:51.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\gray_button_200.png
11/2/2020 - 19:45:51.309Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\gray_button_200.pnggray_button_200.png
11/2/2020 - 19:45:51.309Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\gray_button_200.pnggray_button_200.png
11/2/2020 - 19:45:51.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\gray_button_200.png
11/2/2020 - 19:45:51.309Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\gray_button_200.pnggray_button_200.png
11/2/2020 - 19:45:51.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\close_200.png
11/2/2020 - 19:45:51.356Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\close_200.pngclose_200.png
11/2/2020 - 19:45:51.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\close_200.pngclose_200.png
11/2/2020 - 19:45:51.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\close_200.png
11/2/2020 - 19:45:51.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\close_200.pngclose_200.png
11/2/2020 - 19:45:51.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_200.png
11/2/2020 - 19:45:51.356Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_200.pngprogressbar_pole_null_200.png
11/2/2020 - 19:45:51.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_200.pngprogressbar_pole_null_200.png
11/2/2020 - 19:45:51.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_200.png
11/2/2020 - 19:45:51.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_200.pngprogressbar_pole_null_200.png
11/2/2020 - 19:45:51.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_100.png
11/2/2020 - 19:45:51.356Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_100.pngprogressbar_pole_null_100.png
11/2/2020 - 19:45:51.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_100.pngprogressbar_pole_null_100.png
11/2/2020 - 19:45:51.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_100.png
11/2/2020 - 19:45:51.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_100.pngprogressbar_pole_null_100.png
11/2/2020 - 19:45:51.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_125.png
11/2/2020 - 19:45:51.356Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_125.pngprogressbar_pole_null_125.png
11/2/2020 - 19:45:51.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_125.pngprogressbar_pole_null_125.png
11/2/2020 - 19:45:51.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_125.png
11/2/2020 - 19:45:51.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_125.pngprogressbar_pole_null_125.png
11/2/2020 - 19:45:51.356Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_150.png
11/2/2020 - 19:45:51.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_150.pngprogressbar_pole_null_150.png
11/2/2020 - 19:45:51.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_150.pngprogressbar_pole_null_150.png
11/2/2020 - 19:45:51.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_150.png
11/2/2020 - 19:45:51.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\progressbar_pole_null_150.pngprogressbar_pole_null_150.png
11/2/2020 - 19:45:51.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_200.png
11/2/2020 - 19:45:51.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_200.pngyellow_button_200.png
11/2/2020 - 19:45:51.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_200.pngyellow_button_200.png
11/2/2020 - 19:45:51.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_200.png
11/2/2020 - 19:45:51.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_200.pngyellow_button_200.png
11/2/2020 - 19:45:51.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:51.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.pngyellow_button_100.png
11/2/2020 - 19:45:51.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.pngyellow_button_100.png
11/2/2020 - 19:45:51.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:51.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.pngyellow_button_100.png
11/2/2020 - 19:45:51.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_125.png
11/2/2020 - 19:45:51.497Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_125.pngyellow_button_125.png
11/2/2020 - 19:45:51.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_125.pngyellow_button_125.png
11/2/2020 - 19:45:51.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_125.png
11/2/2020 - 19:45:51.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_125.pngyellow_button_125.png
11/2/2020 - 19:45:51.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_150.png
11/2/2020 - 19:45:51.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_150.pngyellow_button_150.png
11/2/2020 - 19:45:51.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_150.pngyellow_button_150.png
11/2/2020 - 19:45:51.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_150.png
11/2/2020 - 19:45:51.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_150.pngyellow_button_150.png
11/2/2020 - 19:45:51.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_200.png
11/2/2020 - 19:45:51.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_200.pngyellow_button_mini_200.png
11/2/2020 - 19:45:51.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_200.pngyellow_button_mini_200.png
11/2/2020 - 19:45:51.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_200.png
11/2/2020 - 19:45:51.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_200.pngyellow_button_mini_200.png
11/2/2020 - 19:45:51.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_100.png
11/2/2020 - 19:45:51.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_100.pngyellow_button_mini_100.png
11/2/2020 - 19:45:51.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_100.pngyellow_button_mini_100.png
11/2/2020 - 19:45:51.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_100.png
11/2/2020 - 19:45:51.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_100.pngyellow_button_mini_100.png
11/2/2020 - 19:45:51.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_125.png
11/2/2020 - 19:45:51.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_125.pngyellow_button_mini_125.png
11/2/2020 - 19:45:51.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_125.pngyellow_button_mini_125.png
11/2/2020 - 19:45:51.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_125.png
11/2/2020 - 19:45:51.637Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_125.pngyellow_button_mini_125.png
11/2/2020 - 19:45:51.637Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_150.png
11/2/2020 - 19:45:51.778Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_150.pngyellow_button_mini_150.png
11/2/2020 - 19:45:51.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_150.pngyellow_button_mini_150.png
11/2/2020 - 19:45:51.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_150.png
11/2/2020 - 19:45:51.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_mini_150.pngyellow_button_mini_150.png
11/2/2020 - 19:45:51.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_200.png
11/2/2020 - 19:45:51.778Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_200.pngyellow_button_short_200.png
11/2/2020 - 19:45:51.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_200.pngyellow_button_short_200.png
11/2/2020 - 19:45:51.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_200.png
11/2/2020 - 19:45:51.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_200.pngyellow_button_short_200.png
11/2/2020 - 19:45:51.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_100.png
11/2/2020 - 19:45:51.778Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_100.pngyellow_button_short_100.png
11/2/2020 - 19:45:51.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_100.pngyellow_button_short_100.png
11/2/2020 - 19:45:51.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_100.png
11/2/2020 - 19:45:51.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_100.pngyellow_button_short_100.png
11/2/2020 - 19:45:51.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_125.png
11/2/2020 - 19:45:51.778Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_125.pngyellow_button_short_125.png
11/2/2020 - 19:45:51.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_125.pngyellow_button_short_125.png
11/2/2020 - 19:45:51.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_125.png
11/2/2020 - 19:45:51.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_125.pngyellow_button_short_125.png
11/2/2020 - 19:45:51.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_150.png
11/2/2020 - 19:45:51.825Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_150.pngyellow_button_short_150.png
11/2/2020 - 19:45:51.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_150.pngyellow_button_short_150.png
11/2/2020 - 19:45:51.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_150.png
11/2/2020 - 19:45:51.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_short_150.pngyellow_button_short_150.png
11/2/2020 - 19:45:51.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\info_icon_100.png
11/2/2020 - 19:45:51.825Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\info_icon_100.pnginfo_icon_100.png
11/2/2020 - 19:45:51.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\info_icon_100.pnginfo_icon_100.png
11/2/2020 - 19:45:51.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\info_icon_100.png
11/2/2020 - 19:45:51.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\info_icon_100.pnginfo_icon_100.png
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\malware.exe:Zone.Identifier
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
11/2/2020 - 19:45:51.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\SC[1]
11/2/2020 - 19:45:51.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\SC[1]SC[1]
11/2/2020 - 19:45:51.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\SC[1]SC[1]
11/2/2020 - 19:45:51.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\SC[1]
11/2/2020 - 19:45:51.840Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\SC[1]SC[1]
11/2/2020 - 19:45:51.903Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.903Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.903Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.903Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.903Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.903Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.903Open1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.903Unknown1480C:\malware.exeC:\malware.exe
11/2/2020 - 19:45:51.903Open1480C:\malware.exeC:\malware.exe:Zone.Identifier
11/2/2020 - 19:45:52.43Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/2/2020 - 19:45:52.43Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
11/2/2020 - 19:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\OOBE.trace
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\OOBE.debug
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\adm.trace
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\adm.debug
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_GDE.trace
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_GDE.debug
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\adm.trace
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\adm.debug
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log | Adobe_GDE.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.log | Adobe_ADM.log
11/2/2020 - 19:45:52.43 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.log | Adobe_ADM.log
11/2/2020 - 19:45:52.59 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arialbd.ttf
11/2/2020 - 19:45:52.59 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\arial.ttf
11/2/2020 - 19:45:52.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
11/2/2020 - 19:45:52.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
11/2/2020 - 19:45:52.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
11/2/2020 - 19:45:52.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
11/2/2020 - 19:45:52.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
11/2/2020 - 19:45:52.137 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
11/2/2020 - 19:45:52.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
11/2/2020 - 19:45:52.137 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
11/2/2020 - 19:45:52.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
11/2/2020 - 19:45:52.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
11/2/2020 - 19:45:52.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
11/2/2020 - 19:45:52.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
11/2/2020 - 19:45:52.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
11/2/2020 - 19:45:52.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
11/2/2020 - 19:45:52.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
11/2/2020 - 19:45:52.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
11/2/2020 - 19:45:52.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
11/2/2020 - 19:45:52.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
11/2/2020 - 19:45:52.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
11/2/2020 - 19:45:52.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
11/2/2020 - 19:45:52.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
11/2/2020 - 19:45:52.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
11/2/2020 - 19:45:52.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
11/2/2020 - 19:45:52.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
11/2/2020 - 19:45:52.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
11/2/2020 - 19:45:52.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
11/2/2020 - 19:45:53.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
11/2/2020 - 19:45:53.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
11/2/2020 - 19:45:53.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
11/2/2020 - 19:45:53.247 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
11/2/2020 - 19:45:53.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
11/2/2020 - 19:45:53.247 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
11/2/2020 - 19:45:53.247 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
11/2/2020 - 19:45:53.247 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
11/2/2020 - 19:45:53.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
11/2/2020 - 19:45:53.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
11/2/2020 - 19:45:53.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\qagentrt.dll
11/2/2020 - 19:45:53.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
11/2/2020 - 19:45:53.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
11/2/2020 - 19:45:53.262 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/2/2020 - 19:45:53.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/2/2020 - 19:45:53.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
11/2/2020 - 19:45:53.278 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
11/2/2020 - 19:45:53.278 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
11/2/2020 - 19:45:53.293 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
11/2/2020 - 19:45:53.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
11/2/2020 - 19:45:53.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
11/2/2020 - 19:45:53.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
11/2/2020 - 19:45:53.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/2/2020 - 19:45:53.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/2/2020 - 19:45:53.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
11/2/2020 - 19:45:53.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
11/2/2020 - 19:45:53.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
11/2/2020 - 19:45:53.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
11/2/2020 - 19:45:53.434 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.log | Adobe_ADM.log
11/2/2020 - 19:45:53.434 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.log | Adobe_ADM.log
11/2/2020 - 19:45:53.434 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.log | Adobe_ADM.log
11/2/2020 - 19:45:53.434 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.log | Adobe_ADM.log
11/2/2020 - 19:45:53.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:53.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.450 | Open | 1480 | C:\malware.exe | C:\
11/2/2020 - 19:45:53.450 | Unknown | 1480 | C:\malware.exe | C:\
11/2/2020 - 19:45:53.450 | Open | 1480 | C:\malware.exe | C:\Users
11/2/2020 - 19:45:53.450 | Unknown | 1480 | C:\malware.exe | C:\Users
11/2/2020 - 19:45:53.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/2/2020 - 19:45:53.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/2/2020 - 19:45:53.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
11/2/2020 - 19:45:53.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
11/2/2020 - 19:45:53.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/2/2020 - 19:45:53.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/2/2020 - 19:45:53.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:53.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:53.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png:Zone.Identifier
11/2/2020 - 19:45:53.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:53.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:53.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:53.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:53.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D
11/2/2020 - 19:45:53.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:45:53.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft
11/2/2020 - 19:45:53.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/2/2020 - 19:45:53.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/2/2020 - 19:45:53.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/2/2020 - 19:45:53.481 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer
11/2/2020 - 19:45:53.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
11/2/2020 - 19:45:53.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsCodecs.dll
11/2/2020 - 19:45:53.543 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsCodecs.dll | WindowsCodecs.dll
11/2/2020 - 19:45:53.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsCodecs.dll
11/2/2020 - 19:45:53.543 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsCodecs.dll | WindowsCodecs.dll
11/2/2020 - 19:45:53.543 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
11/2/2020 - 19:45:53.543 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png | yellow_button_100.png
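The sandbox exports every file-trace row as timestamp, operation, PID, process image and target path run together, with the file name repeated after the path on rows that read or write it, which makes the trace hard to grep. The script below is an added example written for this page, not part of the report or of the sandbox's own tooling; it splits such rows into fields and produces the triage view an analyst wants from this trace: which DLLs were loaded, which files were written, whether any NTFS alternate data stream (the Zone.Identifier mark-of-the-web on the PNG) was probed, and whether the user's certificate store was touched. The sample rows are constructed copies of rows from this trace, and the parser assumes the process image is the first `<drive>:\...exe` after the PID, which holds for `C:\malware.exe`.

```python
import re
from collections import Counter

# Constructed sample: rows in the shape the sandbox exports
# (fields concatenated, basename repeated after the path on read/write rows).
SAMPLE_TRACE = r"""
11/2/2020 - 19:45:52.43Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log
11/2/2020 - 19:45:52.43Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.logAdobe_GDE.log
11/2/2020 - 19:45:52.809Open1480C:\malware.exeC:\Windows\SysWOW64\schannel.dll
11/2/2020 - 19:45:53.247Unknown1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
11/2/2020 - 19:45:53.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
11/2/2020 - 19:45:53.450Open1480C:\malware.exeC:\
11/2/2020 - 19:45:53.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.png:Zone.Identifier
11/2/2020 - 19:45:53.543Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Adobe\FB6DAEF3-2A0F-42CE-A0B3-77962C6F145D\yellow_button_100.pngyellow_button_100.png
"""

# Timestamp, operation and PID have fixed shapes; the process image is assumed
# (assumption for this example) to be the first "<drive>:\...exe" after the PID.
ROW_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} - \d{2}:\d{2}:\d{2}\.\d+)"
    r"(?P<op>Open|Read|Write|Unknown)"
    r"(?P<pid>\d+)"
    r"(?P<proc>[A-Za-z]:\\.*?\.exe)"
    r"(?P<rest>.*)$"
)


def split_target(rest):
    """Separate the target path from the repeated basename that follows it.

    Read/write rows carry '<dir>\\<name><name>'; open rows carry '<path>' only.
    A final component made of two identical halves is taken as the repeat."""
    head, sep, tail = rest.rpartition("\\")
    half = len(tail) // 2
    if tail and len(tail) % 2 == 0 and tail[:half] == tail[half:]:
        return head + sep + tail[:half], tail[:half]
    return rest, ""


def parse_trace(text):
    """Parse raw trace rows into dicts; fail loudly on a row that does not fit."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError("unparseable trace row: " + line)
        path, name = split_target(m.group("rest"))
        records.append({
            "ts": m.group("ts"),
            "op": m.group("op"),
            "pid": int(m.group("pid")),
            "proc": m.group("proc"),
            "path": path,
            "name": name,
        })
    return records


def summarize(records):
    """Triage view: what was loaded, written, or probed for metadata."""
    ops = Counter(r["op"] for r in records)
    dlls = sorted({r["path"].rpartition("\\")[2].lower()
                   for r in records if r["path"].lower().endswith(".dll")})
    written = sorted({r["path"] for r in records if r["op"] == "Write"})
    # A colon after the drive letter names an NTFS alternate data stream,
    # e.g. the Zone.Identifier mark-of-the-web check on the PNG.
    ads = sorted({r["path"] for r in records if ":" in r["path"][2:]})
    cert_store = any("\\SystemCertificates\\" in r["path"] for r in records)
    return {
        "ops": dict(ops),
        "dlls": dlls,
        "written": written,
        "ads": ads,
        "touches_cert_store": cert_store,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_trace(SAMPLE_TRACE)).items():
        print(key, value)
```

Run against the full trace, the DLL list is the useful part: IPHLPAPI, dnsapi, mswsock, schannel, ncrypt and bcryptprimitives loaded in that order, followed by the TCP/443 exchange with get.adobe.com and an empty HTTP section, is consistent with a TLS session rather than plaintext HTTP, so the absence of HTTP records is expected and not evidence that nothing was transferred.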

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value
11/2/2020 - 19:45:43.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
11/2/2020 - 19:45:43.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
11/2/2020 - 19:45:43.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
11/2/2020 - 19:45:43.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
11/2/2020 - 19:45:43.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
11/2/2020 - 19:45:43.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
11/2/2020 - 19:45:43.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
11/2/2020 - 19:45:43.793 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
11/2/2020 - 19:45:48.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
11/2/2020 - 19:45:48.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
11/2/2020 - 19:45:48.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
11/2/2020 - 19:45:50.231 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication | Name
11/2/2020 - 19:45:50.231 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication | ID
11/2/2020 - 19:45:50.934 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication | Name
11/2/2020 - 19:45:50.934 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication | ID
11/2/2020 - 19:45:53.247 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
11/2/2020 - 19:45:53.262 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
11/2/2020 - 19:45:53.262 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
11/2/2020 - 19:45:53.262 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
11/2/2020 - 19:45:53.262 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True

DNS
Query
localhost -> gateway:50273   get.adobe.com.
localhost -> gateway:DNS   get.adobe.com.

Response
gateway:DNS -> localhost   get.adobe.com. answered with 192.147.130.63

TCP
Info
192.147.130.63:443 -> localhost:65191
localhost:65191 -> 192.147.130.63:443

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
True

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 98.41%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 90.77%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.73%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
