Report #6513

Binary
DLL: False
Size: 1.11MB
trid:
67.7% InstallShield setup
15.7% DOS Borland compiled Executable
7.0% Win32 Executable
3.1% OS/2 Executable
3.1% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
e4a94d5f50dc72dd99ba3f532ace8c4d
sha1
ee5191cda2334ea2535dac8b49b38aed4781e9f7
crc32
0xa2de8daf
sha224
03bd027e2f2814acd6c7d16b48ad67d244486bcaef574a6e96fbd83f
sha256
b8d461c680697bde3519362be4c4b7ce791138f34676ee3025a7a180650b67b7
sha384
5dbd664d9b7cdca64bb334bd6234ec1bc60f3735901269a6dfc566ad0bcadb5b83e604be91f114a594ce93c1ecb5fbae
sha512
0de1f6daf86b096662f343ee6144fb4ec91345c8b01ceb08da3ecd64a51b74f7b44c51d5295b599524b8576149ed39da43f59dacf4fb6c69294f7272d73519c0
ssdeep
24576:zqkPRinVlTMFg1N5/EEgssWmQ/iWTKHg8H7GLmyz6:zfuiEgKiJH7k+
Community
Google: False
HashLib: False
YARA
Matches
domain, Borland, IP, CookieTools, Borland_Delphi_30_, network_dropper, network_ssl, BASE64_table, borland_delphi, Delphi_FormShow, network_dns, BobSoftMiniDelphiBoBBobSoft, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, win_files_operation, IsPE32, win_hook, network_tcp_socket, screenshot, network_tcp_listen, Borland_Delphi_v40_v50, keylogger, contentis_base64, Borland_Delphi_40_additional, Borland_Delphi_40, Delphi_Random, IsWindowsGUI, network_udp_sock, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, win_registry, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30

Suspicious: True

Strings

Foremost
Matches: 1911.avi, 23 KB, 1958.avi, 6 KB, 1971.avi, 6 KB, 1984.avi, 27 KB, 2039.avi, 16 KB, 2073.avi, 16 KB, 2107.avi, 15 KB, 2138.avi, 15 KB, 0.exe, 1 MB
Suspicious: True

Heuristics
IPs
hasIPs: True
Allowed: 127.0.0.1, 1, localhost.
Suspicious: 0.0.0.1, 0, Unknown
hasAllowed: True
hasSuspicious: True

URLs
Allowed
hasURLs: True
Suspicious: http://www.indyproject.org/, https://docs.google.com/uc?authuser=0&id=0b_qbxzflqhrswmxacvlqrlpgddq&export=download
hasAllowed: False
hasSuspicious: True

Files
Allowed: ssleay32.dll, MAPI32.DLL, Urlmon.dll, uxtheme.dll, oleaut32.dll, WS2_32.DLL, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, olepro32.dll, oleacc.dll, USER32.DLL, SHFolder.dll, gdi32.dll, Wship6.dll, DWMAPI.DLL, kernel32.dll, winmm.dll, libeay32.dll, shell32.dll, msimg32.dll, version.dll
hasFiles: True
Suspicious: XML files (*.xml)|*.xml, Space delimited text files (*.txt)|*.txt, Custom delimited text files (*.txt)|*.txt, Colon delimited text files (*.txt)|*.txt, Tab delimited text files (*.txt)|*.txt, PDF files (*.pdf)|*.pdf
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 285184
Suspicious: False
Image
Address: 133300224
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 1205015
Suspicious: False

Sections
Allowed: .text, .itext, .data, .bss, .idata, .tls, .rdata, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 881224
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: mapi32.dll, urlmon.dll, uxtheme.dll, oleaut32.dll, ws2_32.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, olepro32.dll, oleacc.dll, user32.dll, shfolder.dll, gdi32.dll, wship6.dll, dwmapi.dll, kernel32.dll, winmm.dll, shell32.dll, msimg32.dll, version.dll
hasLibs: True
Suspicious: ssleay32.dll, libeay32.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2017-03-10 13:00:37
Future: False

Compilation
Packed: True
Missing: False
Packers: BobSoft Mini Delphi -> BoB / BobSoft
Compiled: True
Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0
MainPacker: BobSoft Mini Delphi -> BoB / BobSoft

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: False
Tricks
AVclass
banload
1
VirusTotal
md5
e4a94d5f50dc72dd99ba3f532ace8c4d
sha1
ee5191cda2334ea2535dac8b49b38aed4781e9f7
SCANS (DETECTION RATE = 67.65%)

Engine | Result | Update | Version | Detected
AVG | FileRepMalware | 20180709 | 18.5.3931.0 | True
CMC | - | 20180709 | 1.1.0.977 | False
MAX | malware (ai score=89) | 20180709 | 2017.11.15.1 | True
Bkav | - | 20180706 | 1.3.0.9466 | False
K7GW | Trojan-Downloader ( 004e25ed1 ) | 20180709 | 10.51.27692 | True
ALYac | Gen:Variant.Graftor.277599 | 20180709 | 1.1.1.5 | True
Avast | FileRepMalware | 20180709 | 18.5.3931.0 | True
Avira | TR/AD.Banload.bzuqp | 20180708 | 8.3.3.6 | True
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9854 | 20180709 | 1.0.0.2 | True
Cyren | W32/Trojan.ECUO-8731 | 20180709 | 6.0.0.4 | True
DrWeb | - | 20180709 | 7.0.33.6080 | False
GData | Gen:Variant.Graftor.277599 | 20180709 | A:25.17727B:25.12680 | True
Panda | Trj/GdSda.A | 20180708 | 4.6.4.2 | True
VBA32 | suspected of Trojan.Downloader.gen.s | 20180707 | 3.12.32.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20180709 | 67980 | True
Zoner | - | 20180708 | 1.0 | False
AVware | Trojan.Win32.Generic!BT | 20180709 | 1.6.0.52 | True
ClamAV | Win.Dropper.Generic-6571865-0 | 20180709 | 0.99.2.0 | True
Comodo | - | 20180709 | - | False
F-Prot | - | 20180709 | 4.7.1.166 | False
Ikarus | Trojan-Downloader.Win32.Banload | 20180708 | 0.1.5.2 | True
McAfee | Generic.axi | 20180709 | 6.0.6.653 | True
Rising | Malware.Generic.3!tfe (C64:YzY0OltVpzzl8xfO) | 20180709 | 25.0.0.20 | True
Sophos | Mal/Generic-S | 20180709 | 4.98.0 | True
Yandex | Trojan.DL.Banload!zBk8HPcy/X0 | 20180706 | 5.5.1.3 | True
Zillya | - | 20180706 | 2.0.0.3589 | False
Arcabit | Trojan.Graftor.D43C5F | 20180709 | 1.0.0.831 | True
Babable | - | 20180406 | 9107201 | False
Cylance | Unsafe | 20180709 | 2.3.1.101 | True
Endgame | malicious (moderate confidence) | 20180612 | 2.1.3 | True
TACHYON | - | 20180709 | 2018-07-09.01 | False
Tencent | Win32.Trojan.Graftor.Akov | 20180709 | 1.0.0.1 | True
ViRobot | - | 20180709 | 2014.3.20.0 | False
Webroot | - | 20180709 | 1.0.0.403 | False
eGambit | - | 20180709 | - | False
Ad-Aware | Gen:Variant.Graftor.277599 | 20180709 | 3.0.5.370 | True
AegisLab | Troj.Downloader.W32.Gen.lNPd | 20180709 | 4.2 | True
Emsisoft | Gen:Variant.Graftor.277599 (B) | 20180709 | 2018.4.0.1029 | True
F-Secure | Gen:Variant.Graftor.277599 | 20180709 | 11.0.19100.45 | True
Fortinet | W32/TrojanDldr.XLRU!tr | 20180709 | 5.4.247.0 | True
Invincea | heuristic | 20180601 | 6.3.5.26121 | True
Jiangmin | - | 20180709 | 16.0.100 | False
Kingsoft | - | 20180709 | 2013.8.14.323 | False
Paloalto | generic.ml | 20180709 | 1.0 | True
Symantec | ML.Attribute.HighConfidence | 20180709 | 1.6.0.0 | True
AhnLab-V3 | Trojan/Win32.Abnores.R194441 | 20180709 | 3.13.0.21302 | True
Antiy-AVL | Trojan/Win32.SGeneric | 20180709 | 3.0.0.1 | True
Kaspersky | UDS:DangerousObject.Multi.Generic | 20180709 | 15.0.1.13 | True
Microsoft | TrojanDownloader:Win32/Banload | 20180709 | 1.1.15000.2 | True
Qihoo-360 | - | 20180709 | 1.0.0.1120 | False
TheHacker | - | 20180709 | 6.8.0.5.3295 | False
ZoneAlarm | UDS:DangerousObject.Multi.Generic | 20180709 | 1.0 | True
Cybereason | malicious.f50dc7 | 20180225 | 1.2.27 | True
ESET-NOD32 | a variant of Win32/TrojanDownloader.Banload.XBU | 20180709 | 17683 | True
TrendMicro | TROJ_GEN.R002C0DBF18 | 20180709 | 10.0.0.1040 | True
BitDefender | Gen:Variant.Graftor.277599 | 20180709 | 7.2 | True
CrowdStrike | - | 20180530 | 1.0 | False
K7AntiVirus | Trojan-Downloader ( 004e25ed1 ) | 20180709 | 10.51.27692 | True
SentinelOne | - | 20180701 | 1.0.17.227 | False
Avast-Mobile | - | 20180708 | 180707-04 | False
Malwarebytes | - | 20180709 | 2.1.1.1115 | False
TotalDefense | - | 20180709 | 37.1.62.1 | False
CAT-QuickHeal | TrojanDownloader.Banload | 20180709 | 14.00 | True
NANO-Antivirus | Trojan.Win32.AD.emohvy | 20180709 | 1.0.116.23366 | True
MicroWorld-eScan | Gen:Variant.Graftor.277599 | 20180709 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180708 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Generic.th | 20180709 | v2017.3010 | True
TrendMicro-HouseCall | TROJ_GEN.R002C0DBF18 | 20180709 | 9.950.0.1006 | True

total: 68
sha256: b8d461c680697bde3519362be4c4b7ce791138f34676ee3025a7a180650b67b7
scan_id: b8d461c680697bde3519362be4c4b7ce791138f34676ee3025a7a180650b67b7-1531119220
resource: e4a94d5f50dc72dd99ba3f532ace8c4d
positives: 46
scan_date: 2018-07-09 06:53:40
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
18/2/2020 - 1:46:44.450Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
18/2/2020 - 1:46:44.450Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
18/2/2020 - 1:46:44.512Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.512Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.512Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.559Open1480C:\malware.exeC:\WINHTTP.dll
18/2/2020 - 1:46:44.559Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 1:46:44.559Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 1:46:44.559Open1480C:\malware.exeC:\webio.dll
18/2/2020 - 1:46:44.559Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/2/2020 - 1:46:44.559Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/2/2020 - 1:46:44.559Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
18/2/2020 - 1:46:44.731Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.731Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.731Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.809Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.809Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.809Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.809Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.809Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.825Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_4E581FBAA6C4929238A01B8A5FD6F03E
18/2/2020 - 1:46:44.840Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.840Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.840Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\521F25E202FF760B8461B88413F425E7
18/2/2020 - 1:46:44.887Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.887Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:44.887Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:44.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.28Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.28Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.28Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 1:46:45.90Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.90Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DFBE8B021F9E811DFC8C8A28572A17C05A_6F23CBD5B2F08B9812310F82D0E067DF
18/2/2020 - 1:46:45.325Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
18/2/2020 - 1:46:45.325Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
18/2/2020 - 1:46:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\fca82so7sassah\weather.zlib
18/2/2020 - 1:47:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\fca82so7sassah\fysg3ll.exe
18/2/2020 - 1:48:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\fca82so7sassah\ycxiyi.exe
18/2/2020 - 1:48:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\fca82so7sassah\W69CL2B8USAE.exe
18/2/2020 - 1:48:49.184Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\fca82so7sassah\weather.zlib
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Windows
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Monitor
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
18/2/2020 - 1:48:49.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui

Process Trace

Analysis
Reason: Finished
Status: Successfully Executed
Results: 1

Registry Trace
Time | Operation | PID | Process | Key | Value
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
18/2/2020 - 1:46:43.747 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
18/2/2020 - 1:46:43.747 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
18/2/2020 - 1:46:43.747 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
18/2/2020 - 1:46:43.747 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
18/2/2020 - 1:46:43.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
18/2/2020 - 1:46:43.809 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
18/2/2020 - 1:46:43.809 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
18/2/2020 - 1:46:43.809 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
18/2/2020 - 1:46:44.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
18/2/2020 - 1:46:44.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
18/2/2020 - 1:46:44.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
18/2/2020 - 1:46:44.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
18/2/2020 - 1:46:44.450 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
18/2/2020 - 1:46:44.450 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
18/2/2020 - 1:46:44.450 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
18/2/2020 - 1:46:44.450 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
18/2/2020 - 1:46:44.450 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
18/2/2020 - 1:46:44.450 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
18/2/2020 - 1:46:44.450 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE | Blob
18/2/2020 - 1:46:44.450 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
18/2/2020 - 1:46:44.450 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE | Blob
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
18/2/2020 - 1:46:45.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
18/2/2020 - 1:46:45.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
18/2/2020 - 1:46:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
18/2/2020 - 1:46:45.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:50273  docs.google.com.
localhost -> gateway:DNS  docs.google.com.
localhost -> gateway:DNS  ocsp.pki.goog.

Response
gateway:DNS -> localhost  ocsp.pki.goog. = 216.58.202.131
gateway:DNS -> localhost  docs.google.com. = 216.58.202.174

TCP
Info
localhost:65191 -> 216.58.202.174:443
216.58.202.174:443 -> localhost:65191
216.58.202.131:80 -> localhost:65192
localhost:65192 -> 216.58.202.131:80

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:68 -> 255.255.255.255:67
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:53 -> localhost:50273

HTTP
Info
localhost: GET ocsp.pki.goog /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
localhost: GET ocsp.pki.goog /gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEGbFlJeGAf%2B1AgAAAABXm8I%3D

Summary
DNS: True
TCP: True
UDP: True
HTTP: True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 48.52%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 93.85%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 69.14%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.98%
suspicious: False
