Report #6239

  • Creation Date: Feb. 14, 2020, 2:40 p.m.
  • Last Update: Feb. 14, 2020, 8:11 p.m.
  • File: Cobrafixo_contrato.exe
  • Results:

Binary
DLL: False
Size: 1004.00KB
trid:
  41.0% Win32 Executable MS Visual C++
  36.3% Win64 Executable
  8.6% Win32 Dynamic Link Library
  5.9% Win32 Executable
  2.6% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: f30a900be9f7a338f7188ff52f9396d6
sha1: c2ca23e66bf76d3505baed0e411beba3159485a3
crc32: 0x7001cb64
sha224: b6a7a8c25882eb02465f803a7ebfb7f7ae43b7900c10423c103e4867
sha256: 15439b9b9f887bb754f40d51d2134f6193b234eb9cf848cc774c63c2c9e30cd9
sha384: 03291403be4c156e7896ddded91aac3b2fc9a89badeb3265dfbf673bdff7d73c91724dda218c06a83cc70f0acece0576
sha512: 3ebc644bd6fea4f736c90587bdf965d5e262a573fe3155301dc40ea515c2105611488f5a4cd45431cabba93163217ed7da04e6dc07234d1dab692b61f5b205b9
ssdeep: 24576:LVre587cwV20Ddlb87FtvFmM+I4xzruYhCzXzEXCuQRb:Ry87cE22d+7FtNmM+I4xzaPjEXzQRb
Community
Google: False
HashLib: False

YARA
Matches: VC8_Microsoft_Corporation, domain, DebuggerException__SetConsoleCtrl, anti_dbg, Borland, screenshot, HasRichSignature, win_files_operation, spreading_share, Microsoft_Visual_Cpp_8, contentis_base64, IsPE32, win_hook, win_token, maldoc_indirect_function_call_1, IsWindowsGUI, WMI_strings, IP
Suspicious: True

Strings
List

Foremost
Matches: 0.exe, 1004 KB, 1861.png, 8 KB
Suspicious: True

Heuristics
IPs
hasIPs: True
Allowed: 5.3.2.7, 1, 5x3x2x7.static-business.spb.ertelecom.ru.
Suspicious: none
hasAllowed: True
hasSuspicious: False

URLs
Allowed: none
hasURLs: False
Suspicious: none
hasAllowed: False
hasSuspicious: False

Files
Allowed: ADVAPI32.dll, SHLWAPI.dll, OLEAUT32.dll, IMM32.dll, OPENGL32.dll, pdh.dll, NETAPI32.dll, SHELL32.dll, WS2_32.dll, mscoree.dll, COMCTL32.dll, Secur32.dll, ole32.dll, USER32.DLL, AVIFIL32.dll, gdiplus.dll, WINMM.dll, GDI32.dll, KERNEL32.dll, comdlg32.dll
hasFiles: True
Suspicious: none
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code size: 614400 (Suspicious: False)
Image address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 4096 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 1006678
Suspicious: False

Sections
Allowed: .text, .rdata, .data, .rdata, .gnu, .kdata, .rsrc
Suspicious: none
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS version: 4 (Suspicious: False)
Image version: 4 (Suspicious: True)
Linker version: 8.0 (Suspicious: False)
Subsystem version: 4.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 347723
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: advapi32.dll, shlwapi.dll, oleaut32.dll, imm32.dll, opengl32.dll, pdh.dll, netapi32.dll, shell32.dll, ws2_32.dll, mscoree.dll, comctl32.dll, secur32.dll, ole32.dll, user32.dll, avifil32.dll, gdiplus.dll, winmm.dll, gdi32.dll, kernel32.dll, comdlg32.dll
hasLibs: True
Suspicious: none
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2017-05-25 18:55:34
Future: False

Compilation
Packed: False
Missing: False
Packers: none
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks (occurrences per section)
pushret: .data: 659, .rsrc: 8, .text: 834, .kdata: 9, .rdata: 25
nopsequence: .text: 1
pushpopmath: .gnu: 2, .data: 230, .rsrc: 11, .text: 164, .rdata: 10
ss register: .text: 1
garbagebytes: .data: 38, .rsrc: 3, .text: 97, .kdata: 7, .rdata: 4
hookdetection: .data: 4, .text: 3, .rdata: 1
software breakpoint: .data: 1, .rsrc: 3, .text: 3, .rdata: 1
programcontrolflowchange: .data: 38, .rsrc: 3, .text: 97, .kdata: 7, .rdata: 4
cpuinstructionsresultscomparison: .gnu: 1, .data: 6, .rsrc: 10, .text: 1, .rdata: 2

AVclass
yakes: 1

VirusTotal
md5: f30a900be9f7a338f7188ff52f9396d6
sha1: c2ca23e66bf76d3505baed0e411beba3159485a3
SCANS (DETECTION RATE = 67.65%)
AVG: detected: True; result: Win32:Malware-gen; update: 20180610; version: 18.4.3895.0
CMC: detected: False; update: 20180609; version: 1.1.0.977
MAX: detected: True; result: malware (ai score=85); update: 20180610; version: 2017.11.15.1
Bkav: detected: False; update: 20180609; version: 1.3.0.9466
K7GW: detected: True; result: Trojan ( 0050e8ec1 ); update: 20180609; version: 10.48.27413
ALYac: detected: True; result: Trojan.GenericKD.5193143; update: 20180610; version: 1.1.1.5
Avast: detected: True; result: Win32:Malware-gen; update: 20180610; version: 18.4.3895.0
Avira: detected: False; update: 20180609; version: 8.3.3.6
Baidu: detected: True; result: Win32.Trojan.WisdomEyes.16070401.9500.9894; update: 20180608; version: 1.0.0.2
Cyren: detected: True; result: W32/Trojan.KHES-3700; update: 20180609; version: 6.0.0.4
DrWeb: detected: False; update: 20180609; version: 7.0.28.2020
GData: detected: True; result: Trojan.GenericKD.5193143; update: 20180609; version: A:25.17372B:25.12454
Panda: detected: True; result: Trj/CI.A; update: 20180609; version: 4.6.4.2
VBA32: detected: False; update: 20180608; version: 3.12.32.0
VIPRE: detected: True; result: Trojan.Win32.Generic!BT; update: 20180609; version: 67028
Zoner: detected: False; update: 20180610; version: 1.0
AVware: detected: True; result: Trojan.Win32.Generic!BT; update: 20180609; version: 1.5.0.42
ClamAV: detected: False; update: 20180609; version: 0.99.2.0
Comodo: detected: True; result: UnclassifiedMalware; update: 20180609; version: 29154
F-Prot: detected: False; update: 20180609; version: 4.7.1.166
Ikarus: detected: True; result: Trojan-Downloader.Win32.Banload; update: 20180609; version: 0.1.5.2
McAfee: detected: True; result: RDN/Generic Downloader.x; update: 20180609; version: 6.0.6.653
Rising: detected: False; update: 20180609; version: 25.0.0.1
Sophos: detected: True; result: Mal/Generic-S; update: 20180610; version: 4.98.0
Yandex: detected: True; result: Trojan.DL.Banload!nabqZTDmxCQ; update: 20180609; version: 5.5.1.3
Zillya: detected: True; result: Downloader.Banload.Win32.82632; update: 20180608; version: 2.0.0.3570
Arcabit: detected: True; result: Trojan.Generic.D4F3DB7; update: 20180610; version: 1.0.0.831
Babable: detected: False; update: 20180406; version: 9107201
Cylance: detected: True; result: Unsafe; update: 20180610; version: 2.3.1.101
Endgame: detected: True; result: malicious (high confidence); update: 20180507; version: 2.1.2
TACHYON: detected: False; update: 20180608; version: 2018-06-08.02
Tencent: detected: True; result: Win32.Trojan.Yakes.Dzje; update: 20180610; version: 1.0.0.1
ViRobot: detected: False; update: 20180609; version: 2014.3.20.0
Webroot: detected: False; update: 20180610; version: 1.0.0.403
eGambit: detected: False; update: 20180610
Ad-Aware: detected: True; result: Trojan.GenericKD.5193143; update: 20180610; version: 3.0.5.370
AegisLab: detected: True; result: Troj.W32.Yakes!c; update: 20180609; version: 4.2
Emsisoft: detected: True; result: Trojan.GenericKD.5193143 (B); update: 20180609; version: 4.0.2.899
F-Secure: detected: True; result: Trojan.GenericKD.5193143; update: 20180609; version: 11.0.19100.45
Fortinet: detected: True; result: Generik.MRPWESB!tr; update: 20180609; version: 5.4.247.0
Invincea: detected: True; result: heuristic; update: 20180601; version: 6.3.5.26121
Jiangmin: detected: True; result: Trojan.Yakes.vjy; update: 20180609; version: 16.0.100
Kingsoft: detected: False; update: 20180610; version: 2013.8.14.323
Paloalto: detected: True; result: generic.ml; update: 20180610; version: 1.0
Symantec: detected: True; result: Downloader; update: 20180609; version: 1.6.0.0
AhnLab-V3: detected: True; result: Trojan/Win32.Yakes.C1980134; update: 20180609; version: 3.12.1.20996
Antiy-AVL: detected: True; result: Trojan/Win32.Yakes; update: 20180609; version: 3.0.0.1
Kaspersky: detected: True; result: Trojan.Win32.Yakes.tirm; update: 20180609; version: 15.0.1.13
Microsoft: detected: False; update: 20180609; version: 1.1.14901.4
Qihoo-360: detected: False; update: 20180610; version: 1.0.0.1120
TheHacker: detected: False; update: 20180608; version: 6.8.0.5.3091
ZoneAlarm: detected: True; result: Trojan.Win32.Yakes.tirm; update: 20180610; version: 1.0
Cybereason: detected: True; result: malicious.be9f7a; update: 20180225; version: 1.2.27
ESET-NOD32: detected: True; result: Win32/TrojanDownloader.Banload.XXW; update: 20180609; version: 17525
TrendMicro: detected: True; result: TROJ_GEN.R029C0DLU17; update: 20180609; version: 10.0.0.1040
BitDefender: detected: True; result: Trojan.GenericKD.5193143; update: 20180609; version: 7.2
CrowdStrike: detected: True; result: malicious_confidence_90% (W); update: 20180530; version: 1.0
K7AntiVirus: detected: True; result: Trojan ( 0050e8ec1 ); update: 20180609; version: 10.48.27413
SentinelOne: detected: True; result: static engine - malicious; update: 20180225; version: 1.0.15.206
Avast-Mobile: detected: False; update: 20180609; version: 180609-02
Malwarebytes: detected: False; update: 20180609; version: 2.1.1.1115
TotalDefense: detected: False; update: 20180609; version: 37.1.62.1
CAT-QuickHeal: detected: True; result: Trojan.Mauvaise.SL1; update: 20180609; version: 14.00
NANO-Antivirus: detected: True; result: Trojan.Win32.Yakes.eppaos; update: 20180609; version: 1.0.106.22618
MicroWorld-eScan: detected: True; result: Trojan.GenericKD.5193143; update: 20180609; version: 14.0.297.0
SUPERAntiSpyware: detected: False; update: 20180609; version: 5.6.0.1032
McAfee-GW-Edition: detected: True; result: RDN/Generic Downloader.x; update: 20180609; version: v2017.2786
TrendMicro-HouseCall: detected: True; result: TROJ_GEN.R029C0DLU17; update: 20180609; version: 9.950.0.1006

total: 68
sha256: 15439b9b9f887bb754f40d51d2134f6193b234eb9cf848cc774c63c2c9e30cd9
scan_id: 15439b9b9f887bb754f40d51d2134f6193b234eb9cf848cc774c63c2c9e30cd9-1528583692
resource: f30a900be9f7a338f7188ff52f9396d6
positives: 46
scan_date: 2018-06-09 22:34:52
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.278Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.450Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.465Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.637Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.653Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\2NC19K06.htm
14/2/2020 - 19:47:38.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:38.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:43.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:43.887Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:43.887Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:43.887Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:43.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:43.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:53.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace
14/2/2020 - 19:47:53.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace
14/2/2020 - 19:47:53.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace
14/2/2020 - 19:47:53.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace
14/2/2020 - 19:47:53.12Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:53.12Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:53.12Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:53.12Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:53.12Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:53.12Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:53.12Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\WorkSpace\4D897SA4D1C52X1ZC0ZA.ARE4D897SA4D1C52X1ZC0ZA.ARE
14/2/2020 - 19:47:53.106Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll
14/2/2020 - 19:47:53.106Open1480C:\malware.exeC:\Windows\SysWOW64\ole32.dll

Process
Trace

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry
Trace
Time | Operation | PID | Process | Key | Value
14/2/2020 - 19:47:35.106 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
14/2/2020 - 19:47:35.106 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
14/2/2020 - 19:47:35.106 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
14/2/2020 - 19:47:35.106 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
14/2/2020 - 19:47:35.106 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
14/2/2020 - 19:47:35.106 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
14/2/2020 - 19:47:35.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
14/2/2020 - 19:47:35.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
14/2/2020 - 19:47:35.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
14/2/2020 - 19:47:35.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
14/2/2020 - 19:47:35.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
14/2/2020 - 19:47:35.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
14/2/2020 - 19:47:35.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
14/2/2020 - 19:47:35.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
14/2/2020 - 19:47:35.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
14/2/2020 - 19:47:35.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
14/2/2020 - 19:47:35.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
14/2/2020 - 19:47:36.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
14/2/2020 - 19:47:36.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
14/2/2020 - 19:47:36.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
14/2/2020 - 19:47:36.340 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
14/2/2020 - 19:47:36.872 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
14/2/2020 - 19:47:36.872 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
14/2/2020 - 19:47:36.872 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
14/2/2020 - 19:47:36.872 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
14/2/2020 - 19:47:36.872 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
14/2/2020 - 19:47:36.872 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
14/2/2020 - 19:47:36.872 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
14/2/2020 - 19:47:36.872 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
14/2/2020 - 19:47:36.872 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
14/2/2020 - 19:47:36.872Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
14/2/2020 - 19:47:36.872Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
14/2/2020 - 19:47:36.872Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
14/2/2020 - 19:47:36.872Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
14/2/2020 - 19:47:36.872Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
14/2/2020 - 19:47:36.872Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
14/2/2020 - 19:47:36.872Delete1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:59829  query: 50w66.staging.motiontactic.com.
localhost -> gateway:DNS  query: 50w66.staging.motiontactic.com.

Response
gateway:DNS -> localhost  query: 50w66.staging.motiontactic.com.  answer: 198.199.94.186


TCP
Info
localhost:65192 -> 198.199.94.186:80
198.199.94.186:80 -> localhost:65191
localhost:65191 -> 198.199.94.186:80
198.199.94.186:80 -> localhost:65192

UDP
Info
localhost:53 -> localhost:59829
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67 (unresolved host)
localhost:55394 -> 224.0.0.252:5355 (unresolved host)
localhost:59829 -> localhost:53

HTTP
Info
localhost  GET  host: 50w66.staging.motiontactic.com  path: /h8t5r1a8d5/BGtiNYgh2.zip
localhost  GET  host: 50w66.staging.motiontactic.com  path: /
localhost  GET  host: 198.199.94.186 (unresolved host)  path: /h8t5r1a8d5/BGtiNYgh2.zip

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 46.97%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 96.11%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 51.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 79.73%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.99%
suspicious: True
