Report #6874

  • Creation Date: Feb. 19, 2020, 3:54 p.m.
  • Last Update: Feb. 19, 2020, 8:25 p.m.
  • File: Pdr30.exe
  • Results:
Binary
DLL: False
Size: 1.23MB
trid:
  44.3% Win32 Executable Borland Delphi 7
  30.0% Win32 Executable Borland Delphi 5
  17.5% Win32 Executable Borland Delphi 6
  2.8% InstallShield setup
  2.7% Win32 EXE PECompact compressed
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
d4e369f1f08817c1e6c17271c81997f4
sha1
2e4c6784d9231181f60eb18e0566cd49eadc9b4c
crc32
0xc8c455b9
sha224
8109350d150c2bf583abdfdc1c267fe37f8a79adbd4ba3c6cb8820ce
sha256
12369843f8eccd328a8cd6b400ceacbd7ec8226d91eda3c2b56125ecd5f406c3
sha384
deb2f1d2af6d31e8b68c27275c04faaeacf81da63b308e8dfed593df6d0101a46abc007508f1433f5030de3aad345413
sha512
c3e5ddb104095f3c75330bb450ce5c69882802d026f2f9dc7cf79b27c14a0203e61d0474d04078a7f34e99f8808e7a3945bfc27c2517ad566b31ab4b2a7a88b3
ssdeep
24576:s5tpCuUfW5A5T3oaKkOnaElb6K9bAjcr6pjahO/zJ0y0l2RSwBlgTU+WL:sLp6oj0shGA80ym2RSwkTPWL
Community
Google: False
HashLib: False
YARA
Matches: domain, Borland, IP, win_private_profile, CookieTools, Borland_Delphi_30_, network_dropper, CRC32_poly_Constant, BASE64_table, Delphi_DecodeDate, RIPEMD160_Constants, borland_delphi, Delphi_FormShow, network_dns, BobSoftMiniDelphiBoBBobSoft, CRC32_table, Microsoft_Visual_Cpp_v50v60_MFC, BobSoft_Mini_Delphi_BoB_BobSoft_additional, win_files_operation, IsPE32, win_hook, RijnDael_AES_CHAR, contentis_base64, network_tcp_socket, screenshot, network_tcp_listen, Borland_Delphi_v40_v50, keylogger, win_mutex, Borland_Delphi_40_additional, Borland_Delphi_40, network_ssl, Delphi_Random, IsWindowsGUI, network_udp_sock, Delphi_Copy, Borland_Delphi_Setup_Module, Borland_Delphi_DLL, url, SHA1_Constants, win_registry, Delphi_CompareCall, RijnDael_AES_LONG, Delphi_StrToInt, Borland_Delphi_30_additional, Borland_Delphi_v30, Big_Numbers0
Suspicious: True

Strings
List
the appropriate version of this product at http://www.componentace.com
Web site: http://www.componentace.com
c:\program files (x86)\borland\delphi7\Lib\AdvEdDD.pas
c:\program files (x86)\borland\delphi7\Lib\AdvXPVS.pas
c:\program files (x86)\borland\delphi7\Lib\ATXPVS.pas
t.Ht
CaptionFont.Style
CaptionFont.Name
LabelFont.Name
Font.Style
Font.Name
LabelFont.Style
NotesFont.Name
Lookup.Font.Name
NotesFont.Style
Lookup.Font.Style
DropDownFooter.Font.Style
DropDownFooter.Font.Name
ItemAppearance.Font.Name
Invalid compressed size, rfs.size = %d, count = %d
DropDownHeader.Font.Name
DropDownHeader.Font.Style
ItemAppearance.Font.Style
ButtonAppearance.Font.Style
ButtonAppearance.Font.Name
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
feel free to contact us at support@componentace.com
ssleay32.dll
127.0.0.1
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
1.3.2.0
h.JM
\Software\Borland\C++Builder
SSL status: "%s"
\Software\Borland\Delphi
SSL_set_connect_state
P.rsrc
SOFTWARE\Borland\Delphi\RTL
Delphi%.8X
Software\Borland\Locales
Software\Borland\Delphi\Locales
\Software\Borland\BDS
comctl32.dll
libeay32.dll
comctl32.dll
comctl32.dll
comctl32.dll
comctl32.dll
version.dll
vcltest3.dll
uxtheme.dll
0.0.0.1
Urlmon.dll
Network is down.
RdPS
Host is down.
Hashed list of file names is invalid
Username
Username
Username
Username
Password for "%s"
Socket Error # %d
OnReceive
Paint.NET v3.5.11G
Host field is empty;Circular Protection detected, Protection Object is invalid.
SSLv2_server_method
SSLv3_server_method
Paint.NET v3.5.100
EIdOpenSSLError\
SSL_set_shutdown
SSL_shutdown
ö
""fD**~T
ô
+IdTCPServer
ò
ø
õ
Could not load SSL library.
ControlOfs%.8X%.8X
WndProcPtr%.8X%.8X
fkCalculated
Calculated
Bad address.
Socks server did not respond.$Invalid socks authentication method.%Authentication error to socks server.
Connected.
JumpID("","%s")
Uh@%A
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
- Dock zone has no control
Connect timed out.
Command not supported.
Connection refused.
Already connected.
Too many open files.
Mode has not been set.
SSL_get_current_cipher
Apartment
Connection reset by peer.

Foremost
Matches: 0.exe (1 MB), 2498.png (305 B), 2499.png (174 B), 2499.png (178 B), 2499.png (305 B), 2500.png (368 B), 2501.png (148 B), 2501.png (296 B), 2502.png (345 B), 2502.png (290 B), 2503.png (149 B), 2503.png (284 B), 2504.png (376 B), 2504.png (190 B), 2505.png (150 B), 2505.png (327 B)
Suspicious: True
Heuristics
IPs
  hasIPs: True
  Allowed: 127.0.0.1, 1, localhost.
  Suspicious: 0.0.0.1, 0, Unknown
  hasAllowed: True
  hasSuspicious: True

URLs
  hasURLs: True
  Allowed: (none)
  Suspicious: http://www.componentace.com
  hasAllowed: False
  hasSuspicious: True

Files
  hasFiles: True
  Allowed: ssleay32.dll, MAPI32.DLL, Urlmon.dll, shlwapi.dll, WS2_32.DLL, user32.dll, uxtheme.dll, COMCTL32.DLL, ole32.dll, imm32.dll, advapi32.dll, gdi32.dll, gdiplus.dll, oleaut32.dll, kernel32.dll, vcltest3.dll, libeay32.dll, version.dll, shell32.dll
  Suspicious: (none)
  hasAllowed: True
  hasSuspicious: False

Binary
Sizes
  RVA: 16 (Suspicious: False)
  Code size: 198656 (Suspicious: False)
  Image address: 4194304 (Suspicious: False)
  Stack: 16384 (Suspicious: False)
  Headers: 1024 (Suspicious: False)
  Suspicious: False

Symbols
  Number: 0 (Suspicious: True)
  Pointer: 0 (Suspicious: True)
Directories
  Number: 16 (Suspicious: False)

Checksum
  Value: 0
  Suspicious: True

Sections
  hasSections: True
  Allowed: code, data, bss, .idata, .tls, .rdata, .reloc, .rsrc
  Suspicious: (none)
  hasAllowed: True
  hasSuspicious: False

Versions
  OS: 4 (Suspicious: False)
  Image: 4 (Suspicious: True)
  Linker: 2.25 (Suspicious: False)
  Subsystem: 4.0 (Suspicious: False)
  Suspicious: False

EntryPoint
  Address: 1088652 (Suspicious: False)

Anomalies
  hasAnomalies: True
  Anomalies: The header checksum and the calculated checksum do not match.

Libraries
  hasLibs: True
  Allowed: mapi32.dll, urlmon.dll, shlwapi.dll, ws2_32.dll, user32.dll, uxtheme.dll, comctl32.dll, ole32.dll, imm32.dll, advapi32.dll, gdi32.dll, gdiplus.dll, oleaut32.dll, kernel32.dll, version.dll, shell32.dll
  Suspicious: ssleay32.dll, vcltest3.dll, libeay32.dll
  hasAllowed: True
  hasSuspicious: True

Timestamp
  Value: 1992-06-19 19:22:17
  Valid: True
  Past: True
  Future: False

Compilation
  Packed: True
  Missing: False
  Packers: BobSoft Mini Delphi -> BoB / BobSoft
  MainPacker: BobSoft Mini Delphi -> BoB / BobSoft
  Compiled: True
  Compilers: Borland Delphi 3.0 (???), Borland Delphi 4.0, Borland Delphi v3.0

Obfuscation
  XOR: False
  Fuzzing: False

PEDetector
  Matches: None
  Suspicious: False

Disassembly
  hasTricks: True
  Tricks (occurrences per section):
    pushret: none: 185, .rsrc: 4
    pushpopmath: none: 30, .rsrc: 12, .reloc: 53
    garbagebytes: none: 181, .rsrc: 2
    hookdetection: none: 6, .reloc: 3
    software breakpoint: none: 8, .rsrc: 1, .reloc: 34
    programcontrolflowchange: none: 181, .rsrc: 2
    cpuinstructionsresultscomparison: none: 32, .rsrc: 29, .reloc: 4

AVclass
  banload: 1
VirusTotal
md5
d4e369f1f08817c1e6c17271c81997f4
sha1
2e4c6784d9231181f60eb18e0566cd49eadc9b4c
SCANS (DETECTION RATE = 67.65%)
Engine | Result | Detected | Version | Update
AVG | Win32:Banker-NBF [Trj] | True | 18.4.3895.0 | 20180608
CMC | - | False | 1.1.0.977 | 20180608
MAX | malware (ai score=82) | True | 2017.11.15.1 | 20180608
Bkav | - | False | 1.3.0.9466 | 20180608
K7GW | Trojan-Downloader ( 0050a2871 ) | True | 10.48.27410 | 20180608
ALYac | Trojan.GenericKD.40128143 | True | 1.1.1.5 | 20180608
Avast | Win32:Banker-NBF [Trj] | True | 18.4.3895.0 | 20180608
Avira | TR/Fuery.weuzq | True | 8.3.3.6 | 20180608
Baidu | - | False | 1.0.0.2 | 20180608
Cyren | W32/Trojan.ODGW-6495 | True | 6.0.0.4 | 20180608
DrWeb | - | False | 7.0.28.2020 | 20180608
GData | Trojan.GenericKD.40128143 | True | A:25.17362B:25.12446 | 20180608
Panda | Trj/GdSda.A | True | 4.6.4.2 | 20180608
VBA32 | - | False | 3.12.32.0 | 20180608
VIPRE | Trojan.Win32.Generic!BT | True | 67028 | 20180608
Zoner | - | False | 1.0 | 20180608
AVware | Trojan.Win32.Generic!BT | True | 1.5.0.42 | 20180608
ClamAV | - | False | 0.99.2.0 | 20180608
Comodo | - | False | - | 20180608
F-Prot | - | False | 4.7.1.166 | 20180608
Ikarus | Trojan-Downloader.Win32.Banload | True | 0.1.5.2 | 20180608
McAfee | Trojan-FMCY!D4E369F1F088 | True | 6.0.6.653 | 20180608
Rising | - | False | 25.0.0.1 | 20180608
Sophos | Mal/Generic-S | True | 4.98.0 | 20180608
Yandex | Trojan.DL.Banload!HdTvsRYwVKY | True | 5.5.1.3 | 20180608
Zillya | Downloader.Banload.Win32.78578 | True | 2.0.0.3570 | 20180608
Arcabit | Trojan.Generic.D2644E8F | True | 1.0.0.831 | 20180608
Babable | - | False | 9107201 | 20180406
Cylance | Unsafe | True | 2.3.1.101 | 20180608
Endgame | malicious (high confidence) | True | 2.1.2 | 20180507
TACHYON | - | False | 2018-06-08.02 | 20180608
Tencent | Win32.Trojan.Graftor.Wtdj | True | 1.0.0.1 | 20180608
ViRobot | - | False | 2014.3.20.0 | 20180608
Webroot | - | False | 1.0.0.403 | 20180608
eGambit | - | False | - | 20180608
Ad-Aware | Trojan.GenericKD.40128143 | True | 3.0.5.370 | 20180608
AegisLab | Troj.W32.Generic!c | True | 4.2 | 20180608
Emsisoft | Trojan.GenericKD.40128143 (B) | True | 4.0.2.899 | 20180608
F-Secure | Trojan.GenericKD.40128143 | True | 11.0.19100.45 | 20180608
Fortinet | W32/Banload.XWS!tr | True | 5.4.247.0 | 20180608
Invincea | heuristic | True | 6.3.5.26121 | 20180601
Jiangmin | Trojan.Generic.auzva | True | 16.0.100 | 20180608
Kingsoft | - | False | 2013.8.14.323 | 20180608
Paloalto | generic.ml | True | 1.0 | 20180608
Symantec | ML.Attribute.HighConfidence | True | 1.6.0.0 | 20180608
AhnLab-V3 | Malware/Win32.Generic.C1897819 | True | 3.12.1.20996 | 20180608
Antiy-AVL | Trojan/Win32.AGeneric | True | 3.0.0.1 | 20180608
Kaspersky | HEUR:Trojan.Win32.Generic | True | 15.0.1.13 | 20180608
Microsoft | Trojan:Win32/Skeeyah.A!rfn | True | 1.1.14901.4 | 20180608
Qihoo-360 | - | False | 1.0.0.1120 | 20180608
TheHacker | - | False | 6.8.0.5.3091 | 20180608
ZoneAlarm | HEUR:Trojan.Win32.Generic | True | 1.0 | 20180608
Cybereason | malicious.4d9231 | True | 1.2.27 | 20180225
ESET-NOD32 | a variant of Win32/TrojanDownloader.Banload.XWS | True | 17520 | 20180608
TrendMicro | TROJ_GEN.R002C0PBF18 | True | 10.0.0.1040 | 20180608
BitDefender | Trojan.GenericKD.40128143 | True | 7.2 | 20180608
CrowdStrike | malicious_confidence_90% (W) | True | 1.0 | 20180530
K7AntiVirus | Trojan-Downloader ( 0050a2871 ) | True | 10.48.27411 | 20180608
SentinelOne | static engine - malicious | True | 1.0.15.206 | 20180225
Avast-Mobile | - | False | 180608-04 | 20180608
Malwarebytes | - | False | 2.1.1.1115 | 20180608
TotalDefense | - | False | 37.1.62.1 | 20180608
CAT-QuickHeal | Trojan.Generic | True | 14.00 | 20180608
NANO-Antivirus | Trojan.Win32.Banload.enfqga | True | 1.0.106.22618 | 20180608
MicroWorld-eScan | Trojan.GenericKD.40128143 | True | 14.0.297.0 | 20180608
SUPERAntiSpyware | - | False | 5.6.0.1032 | 20180608
McAfee-GW-Edition | BehavesLike.Win32.Dropper.th | True | v2017.2786 | 20180608
TrendMicro-HouseCall | TROJ_GEN.R002C0PBF18 | True | 9.950.0.1006 | 20180608

total
68
sha256
12369843f8eccd328a8cd6b400ceacbd7ec8226d91eda3c2b56125ecd5f406c3
scan_id
12369843f8eccd328a8cd6b400ceacbd7ec8226d91eda3c2b56125ecd5f406c3-1528493678
resource
d4e369f1f08817c1e6c17271c81997f4
positives
46
scan_date
2018-06-08 21:34:38
verbose_msg
Scan finished, information embedded
response_code
1
File Trace
Time | Operation | PID | Process | Path | Name (where present)
19/2/2020 - 19:46:4.528 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\sserife.fon
19/2/2020 - 19:46:4.575 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
19/2/2020 - 19:46:4.575 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
19/2/2020 - 19:46:4.668 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
19/2/2020 - 19:46:4.668 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
19/2/2020 - 19:46:4.668 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui
19/2/2020 - 19:46:4.715 | Read | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui | comctl32.dll.mui
19/2/2020 - 19:46:4.903 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config
19/2/2020 - 19:46:4.903 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
19/2/2020 - 19:46:4.903 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
19/2/2020 - 19:46:4.903 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:4.903 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:4.903 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:4.903 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/2/2020 - 19:46:4.903 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
19/2/2020 - 19:46:4.903 | Open | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
19/2/2020 - 19:46:4.903 | Unknown | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
19/2/2020 - 19:46:5.981 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:7.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:7.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:7.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:7.12 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:7.12 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:8.28 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:8.28 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/2/2020 - 19:46:8.75 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/2/2020 - 19:46:8.75 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/2/2020 - 19:46:8.75 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/2/2020 - 19:46:8.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
19/2/2020 - 19:46:8.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
19/2/2020 - 19:46:8.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
19/2/2020 - 19:46:8.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
19/2/2020 - 19:46:8.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
19/2/2020 - 19:46:8.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
19/2/2020 - 19:46:8.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
19/2/2020 - 19:46:8.278 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc6.DLL
19/2/2020 - 19:46:8.278 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
19/2/2020 - 19:46:8.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
19/2/2020 - 19:46:8.278 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
19/2/2020 - 19:46:8.278 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc.DLL
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
19/2/2020 - 19:46:8.325 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
19/2/2020 - 19:46:8.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
19/2/2020 - 19:46:8.325 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
19/2/2020 - 19:46:8.387 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
19/2/2020 - 19:46:8.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
19/2/2020 - 19:46:8.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
19/2/2020 - 19:46:8.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
19/2/2020 - 19:46:8.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
19/2/2020 - 19:46:8.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
19/2/2020 - 19:46:8.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:8.934 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:8.934 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\credssp.dll
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/2/2020 - 19:46:9.90 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/2/2020 - 19:46:9.90 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/2/2020 - 19:46:9.90 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/2/2020 - 19:46:9.90 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/2/2020 - 19:46:9.434 | Open | 1480 | C:\malware.exe | C:\ncrypt.dll
19/2/2020 - 19:46:9.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
19/2/2020 - 19:46:9.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
19/2/2020 - 19:46:9.434 | Open | 1480 | C:\malware.exe | C:\bcrypt.dll
19/2/2020 - 19:46:9.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
19/2/2020 - 19:46:9.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
19/2/2020 - 19:46:9.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
19/2/2020 - 19:46:9.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
19/2/2020 - 19:46:9.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
19/2/2020 - 19:46:9.434 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
19/2/2020 - 19:46:9.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/2/2020 - 19:46:9.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/2/2020 - 19:46:9.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/2/2020 - 19:46:9.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/2/2020 - 19:46:9.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/2/2020 - 19:46:9.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/2/2020 - 19:46:9.497 | Open | 1480 | C:\malware.exe | C:\GPAPI.dll
19/2/2020 - 19:46:9.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
19/2/2020 - 19:46:9.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\qagentrt.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\cryptnet.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.606Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_1BD32FB2B601FA8AA5F1C1562CE54FA7
19/2/2020 - 19:46:9.606Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.606Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.606Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.606Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C
19/2/2020 - 19:46:9.606Open1480C:\malware.exeC:\SensApi.dll
19/2/2020 - 19:46:9.606Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
19/2/2020 - 19:46:9.606Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
19/2/2020 - 19:46:9.653Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.653Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.653Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.653Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
19/2/2020 - 19:46:9.653Open1480C:\malware.exeC:\Windows\SysWOW64\wininet.dll
19/2/2020 - 19:46:9.715Open1480C:\malware.exeC:\WINHTTP.dll
19/2/2020 - 19:46:9.715Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
19/2/2020 - 19:46:9.715Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
19/2/2020 - 19:46:9.715Open1480C:\malware.exeC:\webio.dll
19/2/2020 - 19:46:9.715Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
19/2/2020 - 19:46:9.715Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
19/2/2020 - 19:46:9.715Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/2/2020 - 19:46:9.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/2/2020 - 19:46:9.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/2/2020 - 19:46:9.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27CB398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_AE3BACA02F5FC7421E0DAEF481BA6514
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\537EC5B641ED5E0F8A4396270680F35B
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:9.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.12Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.356Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.356Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.372Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.372Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.372Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/2/2020 - 19:46:10.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
19/2/2020 - 19:46:10.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
19/2/2020 - 19:46:10.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
19/2/2020 - 19:46:10.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:10.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF4344B8AF97AF3A423D9EE52899963CDE_9C5715ABAF29A33C5FACA08736C9ABBF
19/2/2020 - 19:46:12.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:12.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:17.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:17.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:22.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:22.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Grgrupo
19/2/2020 - 19:46:24.559Open1480C:\malware.exeC:\Windows\SysWOW64\NapiNSP.dll
19/2/2020 - 19:46:24.559Open1480C:\malware.exeC:\Windows\SysWOW64\NapiNSP.dll
19/2/2020 - 19:46:24.887Open1480C:\malware.exeC:\Windows\SysWOW64\pnrpnsp.dll
19/2/2020 - 19:46:24.887Open1480C:\malware.exeC:\Windows\SysWOW64\pnrpnsp.dll
19/2/2020 - 19:46:25.215Open1480C:\malware.exeC:\Windows\SysWOW64\winrnr.dll
19/2/2020 - 19:46:25.215Open1480C:\malware.exeC:\Windows\SysWOW64\winrnr.dll
19/2/2020 - 19:46:27.293Open1480C:\malware.exeC:\Windows\SysWOW64\tzres.dll
19/2/2020 - 19:46:27.293Open1480C:\malware.exeC:\Windows\SysWOW64\tzres.dll
19/2/2020 - 19:46:27.293Open1480C:\malware.exeC:\Windows\SysWOW64\tzres.dll
19/2/2020 - 19:46:27.293Open1480C:\malware.exeC:\Windows\SysWOW64\tzres.dll
19/2/2020 - 19:46:29.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Grgrupo\c56s5d767.kjh
19/2/2020 - 19:46:31.340Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\c56s5d767.kjh
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Windows
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Monitor
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
19/2/2020 - 19:46:33.528Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\c56s5d767.kjhc56s5d767.kjh

Process
Trace

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS  status.geotrust.com.
localhost -> gateway:50273  app.box.com.
localhost -> gateway:DNS  app.box.com.
localhost -> gateway:DNS  www.aura.krakow.pl.
localhost -> gateway:59829  www.aura.krakow.pl.

Response
gateway:DNS -> localhost  status.geotrust.com.  reply: 192.16.58.8

gateway:DNS -> localhost  www.aura.krakow.pl.  reply: 193.105.32.185

gateway:DNS -> localhost  app.box.com.  reply: 107.152.26.198


TCP
Info
107.152.27.198:443 -> localhost:65191
192.16.58.8:80 -> localhost:65192
localhost:65191 -> 107.152.27.198:443
localhost:65194 -> 193.105.32.185:80
localhost:65192 -> 192.16.58.8:80
192.16.58.8:80 -> localhost:65193
localhost:65193 -> 192.16.58.8:80
193.105.32.185:80 -> localhost:65194

UDP
Info
localhost:55394 -> localhost:53
localhost:53 -> localhost:59829
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:59829 -> localhost:53
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67

HTTP
Info
localhost  GET  ocsp.digicert.com  /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D
localhost  GET  www.aura.krakow.pl  /wp-content/uploads/2009/08/IMG40/notify.php
localhost  GET  status.geotrust.com  /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEA5rnX9O7Jp9O70iiblwoJw%3D

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 48.83%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 62.12%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 53.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 50.74%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 72.90%
suspicious: False
