Report #7082

  • Creation Date: Feb. 20, 2020, 4:38 p.m.
  • Last Update: Feb. 20, 2020, 10:13 p.m.
  • File: tucn.exe
  • Results:
Binary
DLL: False
Size: 2.68MB
trid:
  40.5% Windows screen saver
  20.3% Win32 Dynamic Link Library
  13.9% Win32 Executable
  6.4% Win16/32 Executable Delphi generic
  6.2% OS/2 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 3de5ef59ed5244b35f21ea30d9da4cfa
sha1: 6b829c72ff2f265a846fbe02373b3164d2ebc6ce
crc32: 0x42c14a79
sha224: 1eb384edf8c16e6285d3a5501d94e46d71cc814bb550f4edb90cdabd
sha256: bef4c61c9d8bb5e8b87f378c3d0243b751f2c7b166ffc078c05dd72c39fca6ba
sha384: 491a3237faabd856f4779e41339ddb76ab63d73602e40612d6a83a86c88eb64a1cc5fefd30adda8548098f4210305102
sha512: 8adf059b31bf3b10e98fdf3aa408d769e9d64bd9ffda42f425c49bb1d3cfc75892aa751f722ce83132de4b496344f4ff2d544880071532d199294cac8ae1bb87
ssdeep: 49152:IWqAJ7PRmmgpA0iLsNryoSt0+HBv5dGmQSXxZg5ytyodyyqYHJanMi:IWTLRvg6MNrydt0+hRdGmQyTHdJanMi
Community
Google: False
HashLib: False
YARA
Matches: domain, win_hook, anti_dbg, HasDigitalSignature, network_tcp_listen, network_dns, screenshot, win_token, win_files_operation, keylogger, contentis_base64, win_registry, IsPacked, HasOverlay, url, escalate_priv, IsPE32, network_tcp_socket, IsWindowsGUI, IP

Suspicious: True

Strings
List
Nhttp://icp-brasil2.validcertificadora.com.br/ac-validrfb/lcr-ac-validrfbv2.crl0I
Mhttp://icp-brasil.validcertificadora.com.br/ac-validrfb/lcr-ac-validrfbv2.crl0T
Ihttp://icp-brasil.validcertificadora.com.br/ac-validrfb/ac-validrfbv2.p7b01
Khttp://icp-brasil.validcertificadora.com.br/ac-validrfb/dpc-ac-validrfb.pdf0
Chttp://repositorio.icpbrasil.gov.br/lcr/VALID/lcr-ac-validrfbv2.crl0
%http://ocsp.validcertificadora.com.br0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
geraldojjunior@gmail.com
W.La
Pl.Yt
ZeNiX [forum.exetools.com]
ZeNiX [forum.exetools.com]
Zenix Yang [zenix.ccg@gmail.com]Zenix Yang [zenix.ccg@gmail.com]
Zenix Yang [zenix.ccg@gmail.com]Zenix Yang [zenix.ccg@gmail.com]
Y.CO
V.Ad
W.vI
r.mP
Y.AF
V.MO
jl.SE
http://www.usertrust.com1
http://www.usertrust.com1
2W.pk
p.jM
z.BV
Q.Aw
Q.jp
m.aZ
!?O)p.AU
!E.Cr
http://ocsp.usertrust.com0
0-.gq
ei.vi]
xdL]P.dnn
wsock32.dll
winspool.drv
A.mra
comctl32.dll
msimg32.dll
version.dll
wininet.dll
1.0.0.0
1.0.0.0
SHFolder.dll
(eb;r
pr-&o
a@:wlt
Rds<"
RA+-D
A1a@02vI
%maZ%tpe0_',o
Ue:w
a/Ld
RD&of
RdD\l
,NKhD
%ESp"nh<V
1 he
t|?<I2P%o
%gnDo\
5%7ah[-
A3rd
GA6H
i6%a[R"
-1%oi
k1aiC
.oe'E?%e
O%A1D
1%esr
imfd=%%
`/%ne;
[%nF!R
ON%|c
I%iA,.
@AUs%i
L=%ih
P.%Ee
$HAf%i
p%EA#p
%oA_L
%A>fh
T%shG;x
8WtO%pD
;%uOLWK
Uted
tAwL
EBYo
Yhb%s
eA%iw
G%uTA
%lnOi
ulT%p
O%icK
tmE%g
%ahbc
%iwhb
%erLk
p %7eN
D B_R%a

Foremost
Matches: 0.exe, 2 MB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: http://www.usertrust.com1, http://icp-brasil.validcertificadora.com.br/ac-validrfb/ac-validrfbv2.p7b01, http://icp-brasil.validcertificadora.com.br/ac-validrfb/dpc-ac-validrfb.pdf0, http://crl.usertrust.com/utn-userfirst-object.crl05, http://icp-brasil.validcertificadora.com.br/ac-validrfb/lcr-ac-validrfbv2.crl0t, http://icp-brasil2.validcertificadora.com.br/ac-validrfb/lcr-ac-validrfbv2.crl0i, http://repositorio.icpbrasil.gov.br/lcr/valid/lcr-ac-validrfbv2.crl0, http://ocsp.usertrust.com0, http://ocsp.validcertificadora.com.br0
hasAllowed: False
hasSuspicious: True
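A caveat on the URL heuristic above, with an added example that is not part of the report's own tooling: all nine "Suspicious" URLs are revocation and policy endpoints of the code-signing chain embedded in the binary (CRL distribution points, OCSP responders, a .p7b CA bundle and a DPC/CPS document from Valid Certificadora / ICP-Brasil and USERTrust), and the trailing "0I", "0T", "01", "05", "0" and "1" are the DER tag and length bytes that follow each URL inside the certificate, not part of the address. They tell you the sample carries an ICP-Brasil signature (consistent with the HasDigitalSignature YARA match) and should not be handed on as network IOCs; a URL the PKI does not explain is what deserves the flag. The Python below cleans the raw strings, files each URL by role and returns only the unexplained ones. RAW_STRINGS is constructed from the Strings section plus one made-up URL on a TEST-NET address so the filter has something to keep; the registrable-domain cut is a crude stand-in for a public-suffix list.

```python
import re
from urllib.parse import urlsplit

# Constructed input for this example: the raw strings as the report prints
# them, plus one made-up URL (TEST-NET address, not from the sample) so the
# triage has something to keep.
RAW_STRINGS = [
    "Nhttp://icp-brasil2.validcertificadora.com.br/ac-validrfb/lcr-ac-validrfbv2.crl0I",
    "Mhttp://icp-brasil.validcertificadora.com.br/ac-validrfb/lcr-ac-validrfbv2.crl0T",
    "Ihttp://icp-brasil.validcertificadora.com.br/ac-validrfb/ac-validrfbv2.p7b01",
    "Khttp://icp-brasil.validcertificadora.com.br/ac-validrfb/dpc-ac-validrfb.pdf0",
    "Chttp://repositorio.icpbrasil.gov.br/lcr/VALID/lcr-ac-validrfbv2.crl0",
    "%http://ocsp.validcertificadora.com.br0",
    "1http://crl.usertrust.com/UTN-USERFirst-Object.crl05",
    "geraldojjunior@gmail.com",
    "http://www.usertrust.com1",
    "http://ocsp.usertrust.com0",
    "http://203.0.113.10/gate.php",   # constructed, hypothetical C2-style URL
]

URL_RE = re.compile(r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")
# Inside a DER-encoded certificate a URL is immediately followed by the next
# element's tag byte, 0x30 ('0', SEQUENCE) or 0x31 ('1', SET), and its length
# byte; the strings extractor keeps both when they happen to be printable.
DER_TAIL_RE = re.compile(r"^(.+\.[A-Za-z0-9]{2,4}?)[01][0-9A-Za-z]?$")

PKI_BY_EXT = {".crl": "crl", ".p7b": "ca-bundle", ".p7c": "ca-bundle",
              ".cer": "ca-cert", ".crt": "ca-cert"}
PKI_KINDS = {"ocsp", *PKI_BY_EXT.values()}
SECOND_LEVEL = {"com", "gov", "org", "net", "edu", "co"}   # e.g. com.br, gov.br


def clean_url(raw):
    """Pull the URL out of a raw string and drop trailing DER residue."""
    m = URL_RE.search(raw)
    if not m:
        return None
    url = m.group(0)
    tail = DER_TAIL_RE.match(url)
    return tail.group(1) if tail else url


def registrable_domain(host):
    """Crude registrable-domain cut (no public-suffix list); IPs stay whole."""
    labels = host.lower().split(".")
    if all(label.isdigit() for label in labels):
        return host
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url, ca_domains):
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path.lower()
    last = path.rsplit("/", 1)[-1]
    ext = last[last.rfind("."):] if "." in last else ""
    if host.startswith("ocsp.") or "/ocsp" in path:
        return "ocsp"
    if ext in PKI_BY_EXT:
        return PKI_BY_EXT[ext]
    if registrable_domain(host) in ca_domains:
        return "ca-site"          # CPS/DPC document, CA home page, repository
    return "review"


def triage_urls(strings):
    """Return [(url, kind)] with duplicates removed, first occurrence kept."""
    urls = []
    for s in strings:
        u = clean_url(s)
        if u and u not in urls:
            urls.append(u)
    # Pass 1: domains that serve CRLs/OCSP/CA certs belong to the PKI, so
    # pass 2 can file their other URLs (CPS PDFs, home pages) with them.
    ca_domains = {registrable_domain(urlsplit(u).hostname or "")
                  for u in urls if classify(u, set()) in PKI_KINDS}
    return [(u, classify(u, ca_domains)) for u in urls]


def network_iocs(strings):
    """URLs that are not explained by the signing certificate chain."""
    return [u for u, kind in triage_urls(strings) if kind == "review"]


if __name__ == "__main__":
    for url, kind in triage_urls(RAW_STRINGS):
        print(f"{kind:10} {url}")
```

On the report's own strings the output is eight PKI entries and nothing to review; the constructed TEST-NET URL is the only line that survives the filter.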

Files
Allowed: oleaut32.dll, wininet.dll, msimg32.dll, user32.dll, comctl32.dll, advapi32.dll, gdi32.dll, wsock32.dll, kernel32.dll, version.dll, ole32.dll, SHFolder.dll, shell32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 920064
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 2837704
Suspicious: False

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .tls, .rdata, .vmp0, .vmp1, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 5654983
Suspicious: False

Anomalies
hasAnomalies: False

Libraries
Allowed: oleaut32.dll, wininet.dll, msimg32.dll, user32.dll, comctl32.dll, advapi32.dll, gdi32.dll, wsock32.dll, kernel32.dll, version.dll, ole32.dll, shfolder.dll, shell32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2017-04-25 16:21:54
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False
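Reading the Sections, Versions, Timestamp and Compilation fields together, with an added example that is not the report's own code: linker 2.25 combined with the .itext/.didata/.tls section layout is the signature of the Embarcadero Delphi toolchain (trid's "Delphi generic" guess agrees), and .vmp0/.vmp1 are the section names VMProtect adds, so "Packed: False" with an empty Packers list understates what the section table says; the YARA IsPacked match and Bkav's "HW32.Packed" verdict point the same way. The "Symbols: Number 0 / Pointer 0" flags are a weak signal, since release builds carry no COFF symbol table at all. The Python below builds a minimal PE32 image in memory with the header values the report shows (sizes the report does not state are placeholders, and the 16384 Stack value is assumed to be SizeOfStackCommit), parses it with struct alone, and derives the same kind of notes. The packer section list is an assumed short list; the scan epoch 1531204773 is the suffix of the scan_id in the VirusTotal section.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# Section names specific protectors/packers emit (assumed list, kept short).
PACKER_SECTIONS = {".vmp": "VMProtect", "UPX": "UPX", ".aspack": "ASPack", ".themida": "Themida"}

# Section layout copied from the report; characteristics flags are assumed.
SECTIONS = [(".text", 0x60000020), (".itext", 0x60000020), (".data", 0xC0000040),
            (".bss", 0xC0000080), (".idata", 0xC0000040), (".didata", 0xC0000040),
            (".tls", 0xC0000040), (".rdata", 0x40000040), (".vmp0", 0x60000020),
            (".vmp1", 0x60000020), (".reloc", 0x42000040), (".rsrc", 0x40000040)]


def build_sample_pe():
    """Constructed minimal PE32 carrying the header values from the report.
    Fields the report does not state are placeholders."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # IMAGE_FILE_HEADER: machine, sections, TimeDateStamp (2017-04-25 16:21:54 UTC),
    # symbol table pointer/count, optional header size, characteristics (EXE, 32-bit)
    coff = struct.pack("<HHIIIHH", 0x14C, len(SECTIONS), 1493137314, 0, 0, 224, 0x0102)
    # Optional header, standard fields: magic, linker 2.25, SizeOfCode, entry RVA ...
    std = struct.pack("<HBBIIIIII", PE32_MAGIC, 2, 25, 920064, 0x1000, 0,
                      5654983 - 0x400000, 0x1000, 0x2000)
    # Windows-specific fields: ImageBase, alignments, OS/image/subsystem 5.0,
    # SizeOfHeaders 1024, CheckSum, Subsystem GUI, stack commit 16384, 16 RVAs
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200,
                      5, 0, 5, 0, 5, 0, 0, 0x1000 * (len(SECTIONS) + 1), 1024,
                      2837704, 2, 0x8000, 0x100000, 16384, 0x100000, 0x1000, 0, 16)
    dirs = b"\0" * 128                       # 16 empty data directories
    table = b"".join(struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000,
                                 0x1000 * (i + 1), 0x1000, 0x400 + 0x1000 * i,
                                 0, 0, 0, 0, flags)
                     for i, (name, flags) in enumerate(SECTIONS))
    return bytes(dos) + b"PE\0\0" + coff + std + win + dirs + table


def parse_pe(data):
    """Read the fields the report's Binary/Versions/Timestamp blocks show."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (_machine, nsect, ts, symptr, nsyms, optsize,
     chars) = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    (magic, lmaj, lmin, size_code, _idata, _udata, entry_rva,
     _bcode, _bdata) = struct.unpack_from("<HBBIIIIII", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images handled here")
    (image_base, _salign, _falign, os_maj, os_min, img_maj, img_min, sub_maj,
     sub_min, _w32, _size_image, size_headers, checksum, subsystem, _dllchars,
     _stack_reserve, stack_commit, _hres, _hcommit, _loader,
     n_rva) = struct.unpack_from("<IIIHHHHHHIIIIHHIIIIII", data, opt + 28)
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, _rawptr, _r, _l, _nr, _nl, flags = \
            struct.unpack_from("<8sIIIIIIHHI", data, opt + optsize + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "raw": rawsize, "flags": flags})
    return {
        "dll": bool(chars & IMAGE_FILE_DLL),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "timestamp_epoch": ts,
        "linker": f"{lmaj}.{lmin}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_point": image_base + entry_rva,
        "size_of_code": size_code, "size_of_headers": size_headers,
        "checksum": checksum, "stack_commit": stack_commit,
        "symbols": (nsyms, symptr), "rva_count": n_rva,
        "versions": {"os": f"{os_maj}.{os_min}", "image": f"{img_maj}.{img_min}",
                     "subsystem": f"{sub_maj}.{sub_min}"},
        "sections": sections,
    }


def assess(info, scan_epoch):
    """Notes of the kind the Compilation/Timestamp/Symbols fields summarise."""
    notes = []
    names = [s["name"] for s in info["sections"]]
    if info["linker"] == "2.25" and {".itext", ".didata"} <= set(names):
        notes.append("Delphi toolchain: linker 2.25 with .itext/.didata sections")
    seen = set()
    for n in names:
        for prefix, packer in PACKER_SECTIONS.items():
            if n.startswith(prefix) and packer not in seen:
                seen.add(packer)
                notes.append(f"{packer} section(s) present: treat as packed/virtualised")
    if info["timestamp_epoch"] > scan_epoch:
        notes.append("timestamp is in the future relative to the scan")
    if info["timestamp_epoch"] < 631152000:          # 1990-01-01
        notes.append("timestamp predates 1990: likely zeroed or forged")
    if info["symbols"] == (0, 0):
        notes.append("no COFF symbol table (normal for release builds; weak signal)")
    return notes


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for key in ("timestamp", "linker", "subsystem", "entry_point", "checksum"):
        print(f"{key}: {info[key]}")
    print("sections:", " ".join(s["name"] for s in info["sections"]))
    for note in assess(info, scan_epoch=1531204773):   # 2018-07-10 06:39:33 UTC
        print("-", note)
```

Pointing parse_pe at a real file (open(path, "rb").read()) gives the same dictionary for any PE32 image; the VMProtect note is what the report's empty Packers field should have carried.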

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
none: 1041
.rsrc: 3

pushpopmath
none: 870
.rsrc: 5

ss register
none: 16

garbagebytes
none: 424
.rsrc: 2

hookdetection
none: 27

software breakpoint
none: 60

fakeconditionaljumps
none: 28

programcontrolflowchange
none: 397
.rsrc: 2

cpuinstructionsresultscomparison
none: 3
.rsrc: 12

AVclass
adun
1
VirusTotal
md5: 3de5ef59ed5244b35f21ea30d9da4cfa
sha1: 6b829c72ff2f265a846fbe02373b3164d2ebc6ce
SCANS (DETECTION RATE = 63.24%)
Engine | Result | Update | Version | Detected
AVG | Win32:Malware-gen | 20180710 | 18.4.3895.0 | True
CMC | - | 20180710 | 1.1.0.977 | False
MAX | malware (ai score=81) | 20180710 | 2017.11.15.1 | True
Bkav | HW32.Packed.DAF1 | 20180706 | 1.3.0.9466 | True
K7GW | Spyware ( 0050bf281 ) | 20180710 | 10.52.27704 | True
ALYac | Trojan.GenericKD.5065278 | 20180710 | 1.1.1.5 | True
Avast | Win32:Malware-gen | 20180710 | 18.4.3895.0 | True
Avira | TR/Crypt.XPACK.Gen | 20180710 | 8.3.3.6 | True
Baidu | - | 20180710 | 1.0.0.2 | False
Cyren | W32/Trojan.ZJLM-0063 | 20180710 | 6.0.0.4 | True
DrWeb | - | 20180710 | 7.0.33.6080 | False
GData | Trojan.GenericKD.5065278 | 20180710 | A:25.17737B:25.12688 | True
Panda | Trj/GdSda.A | 20180709 | 4.6.4.2 | True
VBA32 | BScope.TrojanPSW.Banker | 20180709 | 3.12.32.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20180710 | 68004 | True
Zoner | - | 20180709 | 1.0 | False
AVware | Trojan.Win32.Generic!BT | 20180710 | 1.6.0.52 | True
ClamAV | - | 20180710 | 0.99.2.0 | False
Comodo | UnclassifiedMalware | 20180710 | 29322 | True
F-Prot | - | 20180710 | 4.7.1.166 | False
Ikarus | Trojan-Spy.Agent | 20180709 | 0.1.5.2 | True
McAfee | Artemis!3DE5EF59ED52 | 20180710 | 6.0.6.653 | True
Rising | Spyware.Banker!8.8D (CLOUD) | 20180710 | 25.0.0.20 | True
Sophos | Mal/Generic-S | 20180710 | 4.98.0 | True
Yandex | TrojanSpy.Banker!NoQAQ9fMPGc | 20180709 | 5.5.1.3 | True
Zillya | Trojan.Agent.Win32.811205 | 20180709 | 2.0.0.3590 | True
Arcabit | Trojan.Generic.D4D4A3E | 20180710 | 1.0.0.831 | True
Babable | - | 20180406 | 9107201 | False
Cylance | Unsafe | 20180710 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20180612 | 2.1.3 | True
TACHYON | - | 20180710 | 2018-07-10.02 | False
Tencent | Win32.Trojan.Falsesign.Lpbx | 20180710 | 1.0.0.1 | True
ViRobot | - | 20180709 | 2014.3.20.0 | False
Webroot | - | 20180710 | 1.0.0.403 | False
eGambit | - | 20180710 | - | False
Ad-Aware | Trojan.GenericKD.5065278 | 20180710 | 3.0.5.370 | True
AegisLab | - | 20180710 | 4.2 | False
Emsisoft | Trojan.GenericKD.5065278 (B) | 20180710 | 2018.4.0.1029 | True
F-Secure | Trojan.GenericKD.5065278 | 20180710 | 11.0.19100.45 | True
Fortinet | W32/Banker.ADUN!tr.spy | 20180710 | 5.4.247.0 | True
Invincea | heuristic | 20180601 | 6.3.5.26121 | True
Jiangmin | - | 20180710 | 16.0.100 | False
Kingsoft | - | 20180710 | 2013.8.14.323 | False
Paloalto | - | 20180710 | 1.0 | False
Symantec | ML.Attribute.HighConfidence | 20180710 | 1.6.0.0 | True
AhnLab-V3 | - | 20180709 | 3.13.0.21302 | False
Antiy-AVL | - | 20180710 | 3.0.0.1 | False
Kaspersky | Trojan-Banker.Win32.Agent.aaww | 20180710 | 15.0.1.13 | True
Microsoft | - | 20180710 | 1.1.15000.2 | False
Qihoo-360 | - | 20180710 | 1.0.0.1120 | False
TheHacker | Trojan/Spy.Banker.adun | 20180710 | 6.8.0.5.3302 | True
ZoneAlarm | Trojan-Banker.Win32.Agent.aaww | 20180710 | 1.0 | True
Cybereason | malicious.9ed524 | 20180225 | 1.2.27 | True
ESET-NOD32 | a variant of Win32/Spy.Banker.ADUN | 20180710 | 17689 | True
TrendMicro | TROJ_GEN.R007C0GLC17 | 20180710 | 10.0.0.1040 | True
BitDefender | Trojan.GenericKD.5065278 | 20180710 | 7.2 | True
CrowdStrike | malicious_confidence_80% (D) | 20180530 | 1.0 | True
K7AntiVirus | Spyware ( 0050bf281 ) | 20180710 | 10.52.27704 | True
SentinelOne | - | 20180701 | 1.0.17.227 | False
Avast-Mobile | - | 20180710 | 180709-04 | False
Malwarebytes | - | 20180710 | 2.1.1.1115 | False
TotalDefense | - | 20180710 | 37.1.62.1 | False
CAT-QuickHeal | - | 20180709 | 14.00 | False
NANO-Antivirus | Trojan.Win32.Banker.eohplu | 20180710 | 1.0.116.23366 | True
MicroWorld-eScan | Trojan.GenericKD.5065278 | 20180710 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180710 | 5.6.0.1032 | False
McAfee-GW-Edition | Artemis!Trojan | 20180710 | v2017.3010 | True
TrendMicro-HouseCall | TROJ_GEN.R007C0GLC17 | 20180710 | 9.950.0.1006 | True
total: 68
sha256: bef4c61c9d8bb5e8b87f378c3d0243b751f2c7b166ffc078c05dd72c39fca6ba
scan_id: bef4c61c9d8bb5e8b87f378c3d0243b751f2c7b166ffc078c05dd72c39fca6ba-1531204773
resource: 3de5ef59ed5244b35f21ea30d9da4cfa
positives: 43
scan_date: 2018-07-10 06:39:33
verbose_msg: Scan finished, information embedded
response_code: 1
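How the AVclass line and the detection rate above come about, as an added example rather than AVclass's own code: the rate is positives/total (43/68 = 63.24%), and the family is a vote over label tokens after stripping anything that names a category, platform, format or vendor heuristic rather than a family (Trojan, Spy, Banker, Win32, Generic, Artemis, and so on). On these labels that leaves "adun", which Fortinet, TheHacker and ESET-NOD32 all carry, while "Banker" is far more common but is a category token. SCANS is a constructed subset of the table above and the GENERIC set is assumed; AVclass ships much larger generic and alias lists, so treat this as the shape of the method, not a replacement.

```python
import re
from collections import Counter

# Constructed subset of the scan table above: (engine, result or None).
SCANS = [
    ("AVG", "Win32:Malware-gen"),
    ("CMC", None),
    ("ALYac", "Trojan.GenericKD.5065278"),
    ("Avira", "TR/Crypt.XPACK.Gen"),
    ("VBA32", "BScope.TrojanPSW.Banker"),
    ("Ikarus", "Trojan-Spy.Agent"),
    ("McAfee", "Artemis!3DE5EF59ED52"),
    ("Rising", "Spyware.Banker!8.8D (CLOUD)"),
    ("Fortinet", "W32/Banker.ADUN!tr.spy"),
    ("Kaspersky", "Trojan-Banker.Win32.Agent.aaww"),
    ("TheHacker", "Trojan/Spy.Banker.adun"),
    ("ESET-NOD32", "a variant of Win32/Spy.Banker.ADUN"),
    ("ClamAV", None),
    ("Microsoft", None),
]

# Tokens that name a category, platform, vendor heuristic or format rather
# than a family. Assumed list for this example; AVclass maintains far larger
# generic-token and alias files.
GENERIC = {
    "trojan", "trojanspy", "trojanpsw", "spy", "spyware", "banker", "agent",
    "win32", "w32", "generic", "generickd", "gen", "malware", "variant",
    "crypt", "xpack", "cloud", "artemis", "bscope", "heuristic", "malicious",
    "unsafe", "unclassifiedmalware", "confidence", "high",
}
# Pure hex/numeric tokens are variant IDs, hashes or signature numbers.
HEXISH = re.compile(r"^[0-9a-f]+$")


def tokens(label):
    """Lower-case alphanumeric tokens, minus short, numeric/hex and generic ones."""
    out = []
    for tok in re.split(r"[^0-9a-zA-Z]+", label.lower()):
        if len(tok) < 3 or HEXISH.match(tok) or tok in GENERIC:
            continue
        out.append(tok)
    return out


def detection_stats(scans):
    """(positives, total, percent) the way the report's header states it."""
    positives = sum(1 for _, result in scans if result is not None)
    total = len(scans)
    return positives, total, round(100.0 * positives / total, 2)


def family_vote(scans):
    """Count each candidate token at most once per engine, most common first."""
    votes = Counter()
    for _, result in scans:
        if result:
            votes.update(set(tokens(result)))
    return votes.most_common()


def consensus_family(scans, min_votes=2):
    """Top token if at least min_votes engines agree on it, else None."""
    ranked = family_vote(scans)
    if ranked and ranked[0][1] >= min_votes:
        return ranked[0][0]
    return None


if __name__ == "__main__":
    pos, tot, pct = detection_stats(SCANS)
    print(f"detection rate: {pos}/{tot} = {pct}%")
    print("votes:", family_vote(SCANS))
    print("family:", consensus_family(SCANS))
```

The one-vote-per-engine rule matters: Kaspersky and ZoneAlarm share an engine and label, and vendors that rebadge BitDefender all print Trojan.GenericKD.5065278, so counting raw occurrences would over-weight a single detection.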
File
Trace
Time | Op | PID | Process | Path [| Name]
20/2/2020 - 21:45:43.106 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
20/2/2020 - 21:45:43.106 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
20/2/2020 - 21:45:43.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mscoree.dll
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mscoree.dll
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\System.IdentityModel.Selectors.dll
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\MSCOREE.DLL.local
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\malware.exe.config
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:43.168 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
20/2/2020 - 21:45:43.168 | Unknown | 1480 | C:\malware.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
20/2/2020 - 21:45:43.168 | Open | 1480 | C:\malware.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
20/2/2020 - 21:45:43.168 | Unknown | 1480 | C:\malware.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727
20/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.59 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.106 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.106 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.106 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.106 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
20/2/2020 - 21:45:45.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 21:45:45.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\dwmapi.dll
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
20/2/2020 - 21:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
20/2/2020 - 21:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
20/2/2020 - 21:45:45.168 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
20/2/2020 - 21:45:45.168 | Open | 1480 | C:\malware.exe | C:\ntmarta.dll
20/2/2020 - 21:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntmarta.dll
20/2/2020 - 21:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntmarta.dll
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\kre3.l.DLL
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\kre3.l.DLL
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\Windows\system\kre3.l.DLL
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\Windows\kre3.l.DLL
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\Monitor\kre3.l.DLL
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\kre3.l.DLL
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\Windows\kre3.l.DLL
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\kre3.l.DLL
20/2/2020 - 21:45:45.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\kre3.l.DLL
20/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\k.DLL
20/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\k.DLL
20/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\system\k.DLL
20/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\k.DLL
20/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Monitor\k.DLL
20/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\k.DLL
20/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\k.DLL
20/2/2020 - 21:45:46.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\k.DLL
20/2/2020 - 21:45:46.278 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\k.DLL
20/2/2020 - 21:45:46.325 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
20/2/2020 - 21:45:46.325 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
20/2/2020 - 21:45:46.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
20/2/2020 - 21:45:46.418 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
20/2/2020 - 21:45:46.418 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui
20/2/2020 - 21:45:46.465 | Read | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui | comctl32.dll.mui
20/2/2020 - 21:45:46.512 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\sserife.fon
20/2/2020 - 21:45:46.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config
20/2/2020 - 21:45:46.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 21:45:46.700 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
20/2/2020 - 21:45:46.700 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:46.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:46.700 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:46.700 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
20/2/2020 - 21:45:46.715 | Unknown | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:46.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:46.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
20/2/2020 - 21:45:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:46.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:46.778 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
20/2/2020 - 21:45:46.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
20/2/2020 - 21:45:46.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
20/2/2020 - 21:45:46.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
20/2/2020 - 21:45:46.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
20/2/2020 - 21:45:46.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:46.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:46.793 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:46.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:46.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:46.793 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:46.793 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:46.856 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
20/2/2020 - 21:45:50.231 | Open | 1480 | C:\malware.exe | C:\their.dhn
20/2/2020 - 21:45:50.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
20/2/2020 - 21:45:50.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
20/2/2020 - 21:45:50.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
20/2/2020 - 21:45:50.231 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
20/2/2020 - 21:45:50.293 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
20/2/2020 - 21:45:50.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
20/2/2020 - 21:45:50.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
20/2/2020 - 21:45:50.293 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
20/2/2020 - 21:45:50.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
20/2/2020 - 21:45:50.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
20/2/2020 - 21:45:50.293 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:50.293 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:50.293 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:50.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:50.356 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:50.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
20/2/2020 - 21:45:50.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
20/2/2020 - 21:45:50.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:50.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:50.356 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
20/2/2020 - 21:45:50.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
20/2/2020 - 21:45:50.356 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
20/2/2020 - 21:45:50.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
20/2/2020 - 21:45:50.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
20/2/2020 - 21:45:50.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
20/2/2020 - 21:45:50.497 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
20/2/2020 - 21:45:50.543 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc6.DLL
20/2/2020 - 21:45:50.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
20/2/2020 - 21:45:50.543 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
20/2/2020 - 21:45:50.543 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
20/2/2020 - 21:45:50.543 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.590 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:50.606 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll
20/2/2020 - 21:45:50.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
20/2/2020 - 21:45:50.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
20/2/2020 - 21:45:50.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
20/2/2020 - 21:45:50.622 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
20/2/2020 - 21:45:50.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:50.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:50.622 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc.DLL
20/2/2020 - 21:45:50.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
20/2/2020 - 21:45:50.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
20/2/2020 - 21:45:50.684 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
20/2/2020 - 21:45:50.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
20/2/2020 - 21:45:50.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
20/2/2020 - 21:45:50.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
20/2/2020 - 21:45:50.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
20/2/2020 - 21:45:50.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
20/2/2020 - 21:45:50.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
20/2/2020 - 21:45:51.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:45:51.12 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
20/2/2020 - 21:45:51.12 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:51.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:51.28 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:51.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
20/2/2020 - 21:45:51.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
20/2/2020 - 21:45:51.28 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:51.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:51.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:51.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:51.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:51.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:51.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:51.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:51.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:51.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:51.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:51.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:51.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:51.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:51.497 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
20/2/2020 - 21:45:51.497 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
20/2/2020 - 21:45:51.497 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\ref.url[1].htm
20/2/2020 - 21:45:51.497 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\ref.url[1].htm | ref.url[1].htm
20/2/2020 - 21:45:51.497 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:45:51.497 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:45:51.512 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:45:51.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:45:51.512 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:45:51.512 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:45:51.762 | Open | 1480 | C:\malware.exe | C:\credssp.dll
20/2/2020 - 21:45:51.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
20/2/2020 - 21:45:51.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
20/2/2020 - 21:45:51.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
20/2/2020 - 21:45:51.778 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
20/2/2020 - 21:45:51.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
20/2/2020 - 21:45:51.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:45:51.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:45:51.793 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:45:51.793 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:45:51.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:45:51.840 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:45:52.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:45:52.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:45:54.262 | Open | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Open | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Open | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Open | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Open | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Open | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Read | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Read | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
20/2/2020 - 21:45:54.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
20/2/2020 - 21:45:54.278 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
20/2/2020 - 21:45:54.325 | Open | 532 | C:\malware.exe | C:\Windows\Prefetch\MALWARE.EXE-20920919.pf
20/2/2020 - 21:45:54.325 | Read | 532 | C:\malware.exe | C:\Windows\Prefetch\MALWARE.EXE-20920919.pf | MALWARE.EXE-20920919.pf
20/2/2020 - 21:45:54.325 | Unknown | 532 | C:\malware.exe | C:\Windows\Prefetch\MALWARE.EXE-20920919.pf | MALWARE.EXE-20920919.pf
20/2/2020 - 21:45:54.325 | Open | 532 | C:\malware.exe | \Device\HarddiskVolume2
20/2/2020 - 21:45:54.325 | Open | 532 | C:\malware.exe | C:\Monitor
20/2/2020 - 21:45:54.325 | Unknown | 532 | C:\malware.exe | C:\Monitor
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Monitor
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\Globalization
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\Globalization
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\Globalization
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\Globalization\Sorting
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\Globalization\Sorting
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\Globalization\Sorting
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32\pt-BR
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\pt-BR
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\pt-BR
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\SysWOW64
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32\ntdll.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\ntdll.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32\wow64.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\wow64.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32\kernel32.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\kernel32.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32\user32.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\user32.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\System32\apisetschema.dll
20/2/2020 - 21:45:54.325Unknown532C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
20/2/2020 - 21:45:54.325Open532C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\System32\locale.nls
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\System32\locale.nls
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\oleaut32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\oleaut32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\ole32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\ole32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\user32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\user32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\sechost.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\sechost.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\lpk.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\lpk.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\usp10.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\usp10.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\version.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\version.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dllapi-ms-win-downlevel-user32-l1-1-0.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dllapi-ms-win-downlevel-shlwapi-l1-1-0.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dllapi-ms-win-downlevel-version-l1-1-0.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dllapi-ms-win-downlevel-normaliz-l1-1-0.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\normaliz.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\normaliz.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\iertutil.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\iertutil.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dllapi-ms-win-downlevel-advapi32-l1-1-0.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\userenv.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\userenv.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\profapi.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\profapi.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\shell32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\shell32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\System32\mctres.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\System32\mctres.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\System32\pt-BR\mctres.dll.mui
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\System32\pt-BR\mctres.dll.muimctres.dll.mui
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\nsi.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\nsi.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[2].XML
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\msctf.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\msctf.dll
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
20/2/2020 - 21:45:54.340Open532C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
20/2/2020 - 21:45:54.340Unknown532C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
20/2/2020 - 21:45:54.356Read532C:\malware.exeC:\Windows\System32\mctres.dll
20/2/2020 - 21:45:54.356Read532C:\malware.exeC:\Windows\System32\pt-BR\mctres.dll.muimctres.dll.mui
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\System32\locale.nls
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
20/2/2020 - 21:45:54.356Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[2].XML
20/2/2020 - 21:45:54.356Read532C:\malware.exeC:\Windows\System32\mctres.dll
20/2/2020 - 21:45:54.356Read532C:\malware.exeC:\Windows\System32\pt-BR\mctres.dll.muimctres.dll.mui
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\System32\ntdll.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\System32\wow64.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\System32\kernel32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\System32\user32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\oleaut32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\ole32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\user32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\sechost.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\lpk.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\usp10.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\version.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dllapi-ms-win-downlevel-user32-l1-1-0.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dllapi-ms-win-downlevel-shlwapi-l1-1-0.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dllapi-ms-win-downlevel-version-l1-1-0.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dllapi-ms-win-downlevel-normaliz-l1-1-0.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\normaliz.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\iertutil.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dllapi-ms-win-downlevel-advapi32-l1-1-0.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\userenv.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\profapi.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\shell32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\nsi.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\msctf.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
20/2/2020 - 21:45:54.356Unknown532C:\malware.exe\Device\HarddiskVolume2
20/2/2020 - 21:45:54.356Open532C:\malware.exeC:\Windows
20/2/2020 - 21:45:54.356Open532C:\malware.exeC:\Windows\System32\wow64.dll
20/2/2020 - 21:45:54.356Open532C:\malware.exeC:\Windows\System32\wow64.dll
20/2/2020 - 21:45:54.356Open532C:\malware.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 21:45:54.356Open532C:\malware.exeC:\Windows\System32\wow64win.dll
20/2/2020 - 21:45:54.356Open532C:\malware.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 21:45:54.356Open532C:\malware.exeC:\Windows\System32\wow64cpu.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\System32\wow64log.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows
20/2/2020 - 21:45:54.372Unknown532C:\malware.exeC:\Windows
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Monitor
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\sechost.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\sechost.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\msimg32.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\msimg32.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\msimg32.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\version.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\version.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\version.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\malware.exe.Local
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
20/2/2020 - 21:45:54.372Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
20/2/2020 - 21:45:54.372Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
20/2/2020 - 21:45:54.372Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\winspool.drv
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\winspool.drv
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\winspool.drv
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\wsock32.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\wsock32.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\wsock32.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\SHFolder.dll
20/2/2020 - 21:45:54.372Open532C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
20/2/2020 - 21:45:54.387Open532C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
20/2/2020 - 21:45:54.387Open532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.387Open532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.387Open532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.387Open532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.387Open532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.387Open532C:\malware.exeC:\Windows\SysWOW64\imm32.dll
20/2/2020 - 21:45:54.387Open532C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:54.481Unknown532C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:54.872Open532C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
20/2/2020 - 21:45:54.872Unknown532C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
20/2/2020 - 21:45:54.872Open532C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
20/2/2020 - 21:45:54.887Open532C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
20/2/2020 - 21:45:54.934Open532C:\malware.exeC:\System.IdentityModel.Selectors.dll
20/2/2020 - 21:45:54.934Open532C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
20/2/2020 - 21:45:54.934Open532C:\malware.exeC:\malware.exe.config
20/2/2020 - 21:45:54.934Open532C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:54.934Unknown532C:\malware.exeC:\malware.exe
20/2/2020 - 21:45:54.934Open532C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
20/2/2020 - 21:45:54.934Unknown532C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
20/2/2020 - 21:45:54.934Open532C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
20/2/2020 - 21:45:54.934Unknown532C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
20/2/2020 - 21:45:56.747Open532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Unknown532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Open532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Unknown532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Open532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Unknown532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Open532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Unknown532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Open532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Unknown532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Open532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Unknown532C:\malware.exeC:\Monitor\Malware
20/2/2020 - 21:45:56.793Open532C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 21:45:56.809Open532C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 21:45:56.856Open532C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
20/2/2020 - 21:45:56.856Open532C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
20/2/2020 - 21:45:56.856Open532C:\malware.exeC:\dwmapi.dll
20/2/2020 - 21:45:56.856Open532C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
20/2/2020 - 21:45:56.856Open532C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
20/2/2020 - 21:45:56.856Open532C:\malware.exeC:\Windows\Fonts\StaticCache.dat
20/2/2020 - 21:45:56.856Read532C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
20/2/2020 - 21:45:56.872Open532C:\malware.exeC:\ntmarta.dll
20/2/2020 - 21:45:56.872Open532C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
20/2/2020 - 21:45:56.872Open532C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\kre3.l.DLL
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\Windows\SysWOW64\kre3.l.DLL
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\Windows\system\kre3.l.DLL
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\Windows\kre3.l.DLL
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\Monitor\kre3.l.DLL
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\Windows\SysWOW64\kre3.l.DLL
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\Windows\kre3.l.DLL
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\Windows\SysWOW64\wbem\kre3.l.DLL
20/2/2020 - 21:45:57.387Open532C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\kre3.l.DLL
20/2/2020 - 21:45:57.934Open532C:\malware.exeC:\k.DLL
20/2/2020 - 21:45:57.934Open532C:\malware.exeC:\Windows\SysWOW64\k.DLL
20/2/2020 - 21:45:57.934Open532C:\malware.exeC:\Windows\system\k.DLL
20/2/2020 - 21:45:57.934Open532C:\malware.exeC:\Windows\k.DLL
20/2/2020 - 21:45:57.934Open532C:\malware.exeC:\Monitor\k.DLL
20/2/2020 - 21:45:57.950Open532C:\malware.exeC:\Windows\SysWOW64\k.DLL
20/2/2020 - 21:45:57.950Open532C:\malware.exeC:\Windows\k.DLL
20/2/2020 - 21:45:57.950Open532C:\malware.exeC:\Windows\SysWOW64\wbem\k.DLL
20/2/2020 - 21:45:57.950Open532C:\malware.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\k.DLL
20/2/2020 - 21:45:57.950Open532C:\malware.exeC:\malware.exe.Local
20/2/2020 - 21:45:57.950Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
20/2/2020 - 21:45:57.950Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
20/2/2020 - 21:45:57.950Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61
20/2/2020 - 21:45:57.950Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui
20/2/2020 - 21:45:57.965Open532C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll.Config
20/2/2020 - 21:45:57.965Open532C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
20/2/2020 - 21:45:57.965Open532C:\malware.exeC:\malware.exe.Local
20/2/2020 - 21:45:57.965Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:57.965Unknown532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:57.965Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:57.965Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
20/2/2020 - 21:45:58.28Open532C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
20/2/2020 - 21:45:58.28Open532C:\malware.exeC:\Windows\WindowsShell.Manifest
20/2/2020 - 21:45:58.28Unknown532C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
20/2/2020 - 21:45:58.28Open532C:\malware.exeC:\Secur32.dll
20/2/2020 - 21:45:58.28Open532C:\malware.exeC:\Windows\SysWOW64\secur32.dll
20/2/2020 - 21:45:58.28Open532C:\malware.exeC:\Windows\SysWOW64\secur32.dll
20/2/2020 - 21:45:58.28Open532C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:58.28Open532C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:58.28Unknown532C:\malware.exeC:\Users\Behemot
20/2/2020 - 21:45:58.28Open532C:\malware.exeC:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:58.43Open532C:\malware.exeC:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:58.43Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:58.43Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:58.43Open532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:58.43Unknown532C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
20/2/2020 - 21:45:58.43 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:58.43 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:58.43 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:58.43 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:58.43 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:58.43 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot
20/2/2020 - 21:45:58.43 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:58.59 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:58.59 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local
20/2/2020 - 21:45:58.59 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
20/2/2020 - 21:45:58.59 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
20/2/2020 - 21:45:58.59 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
20/2/2020 - 21:45:58.59 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
20/2/2020 - 21:45:58.59 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
20/2/2020 - 21:45:58.59 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:58.59 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
20/2/2020 - 21:45:58.59 | Open | 532 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:58.59 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:58.59 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:58.59 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:58.59 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
20/2/2020 - 21:45:58.122 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
20/2/2020 - 21:45:59.200 | Open | 532 | C:\malware.exe | C:\their.dhn
20/2/2020 - 21:45:59.200 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
20/2/2020 - 21:45:59.200 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
20/2/2020 - 21:45:59.200 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
20/2/2020 - 21:45:59.200 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
20/2/2020 - 21:45:59.215 | Open | 532 | C:\malware.exe | C:\IPHLPAPI.DLL
20/2/2020 - 21:45:59.215 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
20/2/2020 - 21:45:59.215 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
20/2/2020 - 21:45:59.215 | Open | 532 | C:\malware.exe | C:\WINNSI.DLL
20/2/2020 - 21:45:59.215 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
20/2/2020 - 21:45:59.215 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
20/2/2020 - 21:45:59.215 | Open | 532 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:59.215 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:59.215 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:59.231 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:59.231 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
20/2/2020 - 21:45:59.231 | Open | 532 | C:\malware.exe | C:\DNSAPI.dll
20/2/2020 - 21:45:59.231 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
20/2/2020 - 21:45:59.231 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
20/2/2020 - 21:45:59.278 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
20/2/2020 - 21:45:59.278 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
20/2/2020 - 21:45:59.278 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:59.278 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:59.403 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
20/2/2020 - 21:45:59.403 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
20/2/2020 - 21:45:59.403 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
20/2/2020 - 21:45:59.403 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
20/2/2020 - 21:45:59.450 | Open | 532 | C:\malware.exe | C:\dhcpcsvc6.DLL
20/2/2020 - 21:45:59.450 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
20/2/2020 - 21:45:59.450 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
20/2/2020 - 21:45:59.450 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
20/2/2020 - 21:45:59.450 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
20/2/2020 - 21:45:59.497 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:59.497 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:59.497 | Open | 532 | C:\malware.exe | C:\dhcpcsvc.DLL
20/2/2020 - 21:45:59.497 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
20/2/2020 - 21:45:59.497 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
20/2/2020 - 21:45:59.497 | Open | 532 | C:\malware.exe | C:\CRYPTSP.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.512 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.528 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.528 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.528 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.528 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
20/2/2020 - 21:45:59.528 | Open | 532 | C:\malware.exe | C:\RpcRtRemote.dll
20/2/2020 - 21:45:59.528 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
20/2/2020 - 21:45:59.528 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
20/2/2020 - 21:45:59.528 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
20/2/2020 - 21:45:59.528 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
20/2/2020 - 21:45:59.590 | Open | 532 | C:\malware.exe | C:\rasadhlp.dll
20/2/2020 - 21:45:59.590 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
20/2/2020 - 21:45:59.590 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
20/2/2020 - 21:45:59.590 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
20/2/2020 - 21:45:59.590 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
20/2/2020 - 21:45:59.637 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:45:59.637 | Open | 532 | C:\malware.exe | C:\malware.exe.Local
20/2/2020 - 21:45:59.637 | Open | 532 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:59.637 | Unknown | 532 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:59.637 | Open | 532 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
20/2/2020 - 21:45:59.637 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
20/2/2020 - 21:45:59.637 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
20/2/2020 - 21:45:59.637 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:59.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
20/2/2020 - 21:45:59.715 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
20/2/2020 - 21:45:59.715 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
20/2/2020 - 21:45:59.981 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
20/2/2020 - 21:45:59.981 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
20/2/2020 - 21:45:59.981 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\ref.url[1].htm
20/2/2020 - 21:45:59.981 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\ref.url[1].htm | ref.url[1].htm
20/2/2020 - 21:45:59.981 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:45:59.981 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:45:59.981 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:45:59.981 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:45:59.981 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:45:59.981 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:46:0.247 | Open | 532 | C:\malware.exe | C:\credssp.dll
20/2/2020 - 21:46:0.247 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
20/2/2020 - 21:46:0.247 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
20/2/2020 - 21:46:0.247 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
20/2/2020 - 21:46:0.247 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
20/2/2020 - 21:46:0.247 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
20/2/2020 - 21:46:0.247 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:46:0.247 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:46:0.262 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:46:0.262 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:46:0.262 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:46:0.262 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:46:0.622 | Open | 532 | C:\malware.exe | C:\ncrypt.dll
20/2/2020 - 21:46:0.622 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
20/2/2020 - 21:46:0.622 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
20/2/2020 - 21:46:0.622 | Open | 532 | C:\malware.exe | C:\bcrypt.dll
20/2/2020 - 21:46:0.637 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
20/2/2020 - 21:46:0.637 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
20/2/2020 - 21:46:0.637 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
20/2/2020 - 21:46:0.637 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
20/2/2020 - 21:46:0.637 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
20/2/2020 - 21:46:0.637 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
20/2/2020 - 21:46:0.637 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:46:0.637 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:46:0.637 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:46:0.637 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:46:0.653 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:46:0.653 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:46:0.653 | Open | 532 | C:\malware.exe | C:\GPAPI.dll
20/2/2020 - 21:46:0.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
20/2/2020 - 21:46:0.653 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
20/2/2020 - 21:46:0.715 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:46:0.715 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
20/2/2020 - 21:46:0.778 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
20/2/2020 - 21:46:0.778 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:46:0.778 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
20/2/2020 - 21:46:0.778 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:46:0.778 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
20/2/2020 - 21:46:0.793 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:46:0.793 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
20/2/2020 - 21:46:0.793 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
20/2/2020 - 21:46:0.793 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
20/2/2020 - 21:46:0.793 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
20/2/2020 - 21:46:0.793 | Unknown | 532 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
20/2/2020 - 21:46:0.793 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\qagentrt.dll
20/2/2020 - 21:46:0.793 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
20/2/2020 - 21:46:0.809 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
20/2/2020 - 21:46:0.809 | Open | 532 | C:\malware.exe | C:\cryptnet.dll
20/2/2020 - 21:46:0.809 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
20/2/2020 - 21:46:0.809 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
20/2/2020 - 21:46:0.809 | Open | 532 | C:\malware.exe | C:\SensApi.dll
20/2/2020 - 21:46:0.809 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
20/2/2020 - 21:46:0.809 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
20/2/2020 - 21:46:1.12 | Open | 532 | C:\malware.exe | C:\WINHTTP.dll
20/2/2020 - 21:46:1.12 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
20/2/2020 - 21:46:1.12 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
20/2/2020 - 21:46:1.12 | Open | 532 | C:\malware.exe | C:\webio.dll
20/2/2020 - 21:46:1.12 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
20/2/2020 - 21:46:1.12 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
20/2/2020 - 21:46:1.28 | Open | 532 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
20/2/2020 - 21:46:1.168 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.168 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.168 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.168 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.168 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9705ADB0B885964A56172A413E676122
20/2/2020 - 21:46:1.247 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.247 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.247 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.247 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.247 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.247 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.247 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.247 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.247 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.247 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.247 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.262 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.262 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.262 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.262 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.262 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_F376EEE5459FFB291561AA18378D7110
20/2/2020 - 21:46:1.262 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.262 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.262 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.262 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.262 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A7891822FCFF127E4EADADE9757112B
20/2/2020 - 21:46:1.293 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.293 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.293 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.293 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.293 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.293 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.434 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.434 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.434 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.434 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.434 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.528 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.528 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.528 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.528 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
20/2/2020 - 21:46:1.528 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
20/2/2020 - 21:46:1.528 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.528 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.543 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.543 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.543 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.543 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
20/2/2020 - 21:46:1.543 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.543 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.559 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.559 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
20/2/2020 - 21:46:1.559 | Open | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.559 | Read | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.559 | Read | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.559 | Read | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.559 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.559 | Write | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.559 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.559 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2
20/2/2020 - 21:46:1.559 | Unknown | 532 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2 | E2C6CBAF0AF08CF203BA74BF0D0AB6D5_427CDB1C9AAC2BAE6B426DB11F126FA2

Process
Trace
Time | Operation | Parent PID | Parent Process | PID | Process
20/2/2020 - 21:45:54.262 | Create | 1480 | C:\malware.exe | 532 | C:\malware.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Time | Operation | PID | Process | Key | Value
20/2/2020 - 21:45:46.715 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
20/2/2020 - 21:45:46.778 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
20/2/2020 - 21:45:46.778 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
20/2/2020 - 21:45:49.215 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | malware.exe
20/2/2020 - 21:45:50.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
20/2/2020 - 21:45:50.356 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
20/2/2020 - 21:45:50.356 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
20/2/2020 - 21:45:50.356 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
20/2/2020 - 21:45:50.356 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
20/2/2020 - 21:45:50.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
20/2/2020 - 21:45:50.622 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
20/2/2020 - 21:45:50.622 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
20/2/2020 - 21:45:50.622 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
20/2/2020 - 21:45:50.622 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
20/2/2020 - 21:45:50.622 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
20/2/2020 - 21:45:50.622 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
20/2/2020 - 21:45:50.622 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
20/2/2020 - 21:45:50.622 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
20/2/2020 - 21:45:50.778 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
20/2/2020 - 21:45:50.778 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
20/2/2020 - 21:45:50.778 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
20/2/2020 - 21:45:50.778 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
20/2/2020 - 21:45:51.575 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
20/2/2020 - 21:45:51.575 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
20/2/2020 - 21:45:51.575 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
20/2/2020 - 21:45:51.575 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
20/2/2020 - 21:45:52.372 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
20/2/2020 - 21:45:52.372 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
20/2/2020 - 21:45:52.372 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
20/2/2020 - 21:45:52.372 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
20/2/2020 - 21:45:52.372 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
20/2/2020 - 21:45:52.372 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
20/2/2020 - 21:45:52.372 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
20/2/2020 - 21:45:58.28 | Write | 532 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
20/2/2020 - 21:45:58.43 | Write | 532 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
20/2/2020 - 21:45:58.43 | Write | 532 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
20/2/2020 - 21:45:58.168 | Write | 532 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | malware.exe
20/2/2020 - 21:45:59.231 | Write | 532 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
20/2/2020 - 21:45:59.231Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyServer
20/2/2020 - 21:45:59.231Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyOverride
20/2/2020 - 21:45:59.231Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoConfigURL
20/2/2020 - 21:45:59.231Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoDetect
20/2/2020 - 21:45:59.231Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectionsSavedLegacySettings
20/2/2020 - 21:45:59.497Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
20/2/2020 - 21:45:59.497Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
20/2/2020 - 21:45:59.497Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
20/2/2020 - 21:45:59.497Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
20/2/2020 - 21:45:59.497Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
20/2/2020 - 21:45:59.497Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
20/2/2020 - 21:45:59.497Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
20/2/2020 - 21:45:59.497Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
20/2/2020 - 21:45:59.715Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
20/2/2020 - 21:45:59.715Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
20/2/2020 - 21:45:59.715Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
20/2/2020 - 21:45:59.715Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
20/2/2020 - 21:46:0.90Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
20/2/2020 - 21:46:0.90Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
20/2/2020 - 21:46:0.90Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
20/2/2020 - 21:46:0.90Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
20/2/2020 - 21:46:0.793Write532C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
20/2/2020 - 21:46:0.793Write532C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
20/2/2020 - 21:46:0.793Write532C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
20/2/2020 - 21:46:0.793Write532C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
20/2/2020 - 21:46:0.793Write532C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionReason
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionTime
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecision
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadNetworkName
20/2/2020 - 21:46:0.950Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
20/2/2020 - 21:46:0.950Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
20/2/2020 - 21:46:0.950Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
20/2/2020 - 21:46:0.950Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionReason
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecisionTime
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDecision
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadNetworkName
20/2/2020 - 21:46:1.12Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60}WpadDetectedUrl
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
20/2/2020 - 21:46:1.12Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionReason
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecisionTime
20/2/2020 - 21:46:1.12Write532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDecision
20/2/2020 - 21:46:1.12Delete532C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS  php.net.
localhost -> gateway:DNS  ctldl.windowsupdate.com.
localhost -> gateway:50273  php.net.

Response
gateway:DNS -> localhost  php.net.  answer: 185.85.0.29
gateway:DNS -> localhost  ctldl.windowsupdate.com.  answer: 13.107.4.50

TCP
Info
localhost:65192 -> 185.85.0.29:443
185.85.0.29:80 -> localhost:65191
localhost:65191 -> 185.85.0.29:80
185.85.0.29:443 -> localhost:65192
13.107.4.50:80 -> localhost:65195
185.85.0.29:443 -> localhost:65194
185.85.0.29:80 -> localhost:65193
192.16.58.8:80 -> localhost:65196
localhost:65194 -> 185.85.0.29:443
localhost:65193 -> 185.85.0.29:80
localhost:65195 -> 13.107.4.50:80
localhost:65196 -> 192.16.58.8:80

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67 (broadcast, unknown host)

HTTP
Info
localhost  GET ctldl.windowsupdate.com  /msdownload/update/v3/static/trustedr/en/DF3C24F9BFD666761B268073FE06D1CC8D4F82A4.crt?20fc7503245bb529
localhost  GET php.net  /manual/pt_BR/ref.url.php
localhost  GET ocsp.digicert.com  /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAkO6MXeW%2Fpi0q4v9wl8SFc%3D

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 61.11%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 75.27%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 68.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 48.99%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 98.41%
suspicious: True
