Report #7349

  • Creation Date: Feb. 21, 2020, 4:11 p.m.
  • Last Update: Feb. 22, 2020, 12:25 a.m.
  • File: index.html.exe
  • Results:
Binary
DLL: False
Size: 91.50KB
trid:
61.7% Win64 Executable
14.7% Win32 Dynamic Link Library
10.0% Win32 Executable
4.5% OS/2 Executable
4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows CLI

Hashes
md5: 8d1bcbf39876e255e93f5deba8ae661c
sha1: afe42554975440116d6ae92877898b4230c212b7
crc32: 0x1c80ba19
sha224: 011c6706af2712ccd6174e0672eea6805cd01f79db0707ce6a7fe36a
sha256: 94335091159cb2da1cce72e379b10c2149bb87b3fd762619c6a76d138c9f9ff5
sha384: 788a047ff1c62b0de7a6e17161c62650e2e3a6bd679f2e23cd94cd237c23bc35adfc9afc6ff64051e86fed85973e9838
sha512: 29e7427098c7fa81f976d71c7fcb3dac87057ec6718ee1d845e9cadfa7e832649d87de14b0fa296bbf64a0fd484a7b66c23ae246b2017464729d588b13437295
ssdeep: 1536:t5Pkk9i95yRK6t6eXb9zn2SVmxq4BWPR03wYJw4sWmbcdmMxW/eCxZl7L3:w56K6t1XZz2mmxzBWWwowrKmMxoF1L

Community
Google: False
HashLib: False

YARA
Matches: VC8_Microsoft_Corporation, domain, anti_dbg, contentis_base64, Microsoft_Visual_Cpp_8, HasDebugData, IsConsole, maldoc_find_kernel32_base_method_1, win_files_operation, IsPE32, HasRichSignature
Suspicious: True

Strings
List
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
B.sdfg
fr-be
fr-ca
fr-ch
operator ""
mscoree.dll
EXPLORER.EXE
<requestedPrivileges>
IsProcessorFeaturePresent
GetProcAddress
ExitProcess
SShU
IsDebuggerPresent
explorer
TerminateProcess
CoCreateInstance
VirtualAlloc
GetModuleFileNameA
WriteFile
LoadLibraryExW
FindFirstFileExA
FindNextFileA
CreateFileW
FreeLibrary
QueryPerformanceCounter
GetModuleHandleW
GetModuleFileNameW
Microsoft Corporation. All rights reserved.
api-ms-win-security-systemfunctions-l1-1-0
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
GetCPInfo
fr-CA
fr-CH
fr-LU
GetProcessHeap
535=5Y5d5i5n5
Windows Explorer
4.484T4_4d4i4
1.142G2e2s2!4X4_4d4h4l4p4
@advapi32
:$:*:0:6:<:B:I:P:W:^:e:l:s:{:
1$1/1E1Y1h1G2w2,3
api-ms-win-core-file-l2-1-1
api-ms-win-core-fibers-l1-1-1
NGi1M2^
api-ms-win-core-winrt-l1-1-0
10.0.14393.206
_nextafter
4kuwt{bf
__vectorcall
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
.CRT$XIAC
.CRT$XCAA
.CRT$XIAA
4 4$4(4,4044484<4@4D4H4L4
restrict(
3$3,343<3D3L3T3\3d3l3t3|3
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
1-151_1{1
bs-ba-latn
sr-ba-latn
sr-sp-latn
CONOUT$
Microsoft
tHf9>uC
`H$,gyo
Microsoft Corporation
>$>,>4><>D>L>T>\>d>l>t>|>
sr-ba-cyrl
delete[]
</assembly>
CompanyName
MoG5L <
`.rdata
1+101=1
ProductName
D}{M3sp
`string'
;5pEA
sr-sp-cyrl
0)Lr,sH
Ht$;}
StringFileInfo
FileDescription
FileVersion
InternalName
OriginalFilename
VarFileInfo
.iy|(H
Translation
__eabi
@.data
@HPCA
WideCharToMultiByte
sma-NO
sma-SE
!uHT

Foremost
Matches: 0.exe, 91 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: mscoree.dll, ole32.dll, KERNEL32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 33280
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rdata, .data, .gfids, .rsrc, .reloc, .sdfg
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 6
Suspicious: False
Image
Version: 6
Suspicious: True
Linker
Version: 14.0
Suspicious: False
Subsystem
Version: 6.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 4653
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll, ole32.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2016-10-28 15:15:22
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks
ldr
.text: 3

pushret
.sdfg: 6
.rdata: 1

pushpopmath
.sdfg: 3
.text: 1
.rdata: 3
.reloc: 6

sizeofimage
.text: 2

garbagebytes
.sdfg: 3
.rdata: 1

hookdetection
.sdfg: 2

peb ntglobalflag
.text: 1

software breakpoint
.reloc: 2

programcontrolflowchange
.sdfg: 3
.rdata: 1

AVclass
yakes: 1

VirusTotal
md5: 8d1bcbf39876e255e93f5deba8ae661c
sha1: afe42554975440116d6ae92877898b4230c212b7
SCANS (DETECTION RATE = 75.00%)
Engine | Result | Update | Version | Detected
------ | ------ | ------ | ------- | --------
AVG | Win32:Malware-gen | 20200102 | 18.4.3895.0 | True
CMC | | 20190321 | 1.1.0.977 | False
MAX | malware (ai score=100) | 20200102 | 2019.9.16.1 | True
APEX | Malicious | 20200101 | 5.101 | True
Bkav | | 20191231 | 1.3.0.9899 | False
K7GW | Riskware ( 0040eff71 ) | 20200101 | 11.85.32920 | True
ALYac | Trojan.GenericKD.3654702 | 20200101 | 1.1.1.5 | True
Avast | Win32:Malware-gen | 20200102 | 18.4.3895.0 | True
Avira | TR/Yakes.bzyqi | 20200101 | 8.3.3.8 | True
Baidu | | 20190318 | 1.0.0.2 | False
Cyren | W32/Trojan.KFLN-0904 | 20200102 | 6.2.2.2 | True
DrWeb | | 20200102 | 7.0.42.9300 | False
GData | Trojan.GenericKD.3654702 | 20200102 | A:25.24446B:26.17208 | True
Panda | Trj/GdSda.A | 20200101 | 4.6.4.2 | True
VBA32 | TrojanDownloader.Dofoil | 20191231 | 4.3.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20200102 | 80476 | True
Zoner | | 20200101 | 1.0.0.1 | False
ClamAV | | 20200101 | 0.102.1.0 | False
Comodo | Malware@#27lqhz6o5x4nx | 20200101 | 31911 | True
F-Prot | W32/Trojan2.PBDI | 20200102 | 4.7.1.166 | True
Ikarus | Trojan-Downloader.Win32.Zurgop | 20200101 | 0.1.5.2 | True
McAfee | RDN/GenDownloader.aec | 20200101 | 6.0.6.653 | True
Rising | Malware.Undefined!8.C (TFE:5:7DgM4gevrpE) | 20200101 | 25.0.0.24 | True
Sophos | Mal/Generic-S | 20200102 | 4.98.0 | True
Yandex | | 20191230 | 5.5.2.24 | False
Zillya | Trojan.Yakes.Win32.60657 | 20191231 | 2.0.0.3988 | True
Acronis | | 20191224 | 1.1.1.58 | False
Alibaba | TrojanDownloader:Win32/Zurgop.dd0f64df | 20190527 | 0.3.0.5 | True
Arcabit | Trojan.Generic.D37C42E | 20200101 | 1.0.0.865 | True
Cylance | Unsafe | 20200102 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20190918 | 3.0.15 | True
FireEye | Generic.mg.8d1bcbf39876e255 | 20200102 | 29.7.0.0 | True
Sangfor | | 20191224 | 1.0 | False
TACHYON | | 20200102 | 2020-01-02.01 | False
Tencent | | 20200102 | 1.0.0.1 | False
ViRobot | Trojan.Win32.S.Agent.93696.IV | 20200102 | 2014.3.20.0 | True
Webroot | Trojan.Dropper.Gen | 20200102 | 1.0.0.403 | True
eGambit | Generic.Malware | 20200102 | | True
Ad-Aware | Trojan.GenericKD.3654702 | 20200101 | 3.0.5.370 | True
AegisLab | Trojan.Win32.Generic.4!c | 20191220 | 4.2 | True
Emsisoft | Trojan.GenericKD.3654702 (B) | 20200101 | 2018.12.0.1641 | True
F-Secure | Trojan.TR/Yakes.bzyqi | 20200101 | 12.0.86.52 | True
Fortinet | W32/Generic.AP.1848CC!tr | 20191231 | 6.2.137.0 | True
Invincea | heuristic | 20191211 | 6.3.6.26157 | True
Jiangmin | | 20200101 | 16.0.100 | False
Kingsoft | | 20200102 | 2013.8.14.323 | False
Paloalto | generic.ml | 20200102 | 1.0 | True
Symantec | Trojan.Gen | 20191220 | 1.11.0.0 | True
Trapmine | suspicious.low.ml.score | 20191216 | 3.2.16.890 | True
AhnLab-V3 | Trojan/Win32.Yakes.C1639796 | 20200101 | 3.17.0.26111 | True
Antiy-AVL | Trojan[Backdoor]/Win32.Androm | 20200102 | 3.0.0.1 | True
Kaspersky | HEUR:Trojan.Win32.Generic | 20200101 | 15.0.1.13 | True
Microsoft | TrojanDownloader:Win32/Dofoil.AC | 20200102 | 1.1.16600.7 | True
Qihoo-360 | Win32/Trojan.420 | 20200102 | 1.0.0.1120 | True
ZoneAlarm | HEUR:Trojan.Win32.Generic | 20200101 | 1.0 | True
Cybereason | malicious.39876e | 20190616 | 1.2.449 | True
ESET-NOD32 | Win32/TrojanDownloader.Zurgop.CO | 20200102 | 20604 | True
TrendMicro | TROJ_SHARIK.YUYJY | 20200102 | 11.0.0.1006 | True
BitDefender | Trojan.GenericKD.3654702 | 20200102 | 7.2 | True
CrowdStrike | win/malicious_confidence_90% (W) | 20190702 | 1.0 | True
K7AntiVirus | Riskware ( 0040eff71 ) | 20200101 | 11.85.32919 | True
SentinelOne | | 20191218 | 1.12.1.57 | False
Avast-Mobile | | 20191219 | 191219-00 | False
Malwarebytes | Trojan.Yakes | 20200102 | 2.1.1.1115 | True
TotalDefense | | 20200101 | 37.1.62.1 | False
CAT-QuickHeal | | 20200101 | 14.00 | False
NANO-Antivirus | Trojan.Win32.Yakes.eiebay | 20200102 | 1.0.134.25031 | True
BitDefenderTheta | Gen:NN.ZexaF.33558.fC0@aiSd2Ili | 20191223 | 7.2.37796.0 | True
MicroWorld-eScan | Trojan.GenericKD.3654702 | 20200102 | 14.0.297.0 | True
SUPERAntiSpyware | | 20191227 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Emotet.nh | 20200101 | v2017.3010 | True
TrendMicro-HouseCall | TROJ_SHARIK.YUYJY | 20200102 | 10.0.0.1040 | True

total: 72
sha256: 94335091159cb2da1cce72e379b10c2149bb87b3fd762619c6a76d138c9f9ff5
scan_id: 94335091159cb2da1cce72e379b10c2149bb87b3fd762619c6a76d138c9f9ff5-1577932627
resource: 8d1bcbf39876e255e93f5deba8ae661c
positives: 54
scan_date: 2020-01-02 02:37:07
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Time | Operation | PID | Process | Path | Name
---- | --------- | --- | ------- | ---- | ----
21/2/2020 - 23:45:48.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
21/2/2020 - 23:45:48.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
21/2/2020 - 23:45:48.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
21/2/2020 - 23:45:48.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
21/2/2020 - 23:45:48.122 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\malware.exe
21/2/2020 - 23:45:48.122 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\malware.exe
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.122 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.122 | Read | 1480 | C:\malware.exe | C:\malware.exe
21/2/2020 - 23:45:48.122 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.122 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.122 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe:Zone.Identifier
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\PROPSYS.dll
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/2/2020 - 23:45:48.122 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
21/2/2020 - 23:45:48.122 | Unknown | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.122 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
21/2/2020 - 23:45:48.122 | Open | 1480 | C:\malware.exe | C:\Users\desktop.ini
21/2/2020 - 23:45:48.122 | Read | 1480 | C:\malware.exe | C:\Users\desktop.ini
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
21/2/2020 - 23:45:48.137 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini
21/2/2020 - 23:45:48.137 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini
21/2/2020 - 23:45:48.137 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini
21/2/2020 - 23:45:48.137 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.137 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.137 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini
21/2/2020 - 23:45:48.153 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini
21/2/2020 - 23:45:48.153 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini
21/2/2020 - 23:45:48.153 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini
21/2/2020 - 23:45:48.153 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini
21/2/2020 - 23:45:48.153 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini
21/2/2020 - 23:45:48.153 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini
21/2/2020 - 23:45:48.153 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\apphelp.dll
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Windows
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64
21/2/2020 - 23:45:48.153 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.168 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.168 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.168 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\LINKINFO.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\linkinfo.dll
21/2/2020 - 23:45:48.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\linkinfo.dll
21/2/2020 - 23:45:48.184 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.184 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.184 | Open | 1480 | C:\malware.exe | C:\ntshrui.dll
21/2/2020 - 23:45:48.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
21/2/2020 - 23:45:48.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntshrui.dll
21/2/2020 - 23:45:48.184 | Open | 1480 | C:\malware.exe | C:\srvcli.dll
21/2/2020 - 23:45:48.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\srvcli.dll
21/2/2020 - 23:45:48.184 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\srvcli.dll
21/2/2020 - 23:45:48.325 | Open | 1480 | C:\malware.exe | C:\cscapi.dll
21/2/2020 - 23:45:48.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscapi.dll
21/2/2020 - 23:45:48.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cscapi.dll
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\slc.dll
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\slc.dll
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\slc.dll
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeHost.lnk
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.372 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeHost.lnk
21/2/2020 - 23:45:48.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeHost.lnk
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.387 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeHost.lnk | SkypeHost.lnk
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeHost.lnk | SkypeHost.lnk
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Monitor
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Monitor
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.387 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
21/2/2020 - 23:45:48.387 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll
21/2/2020 - 23:45:48.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\urlmon.dll
21/2/2020 - 23:45:48.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\urlmon.dll
21/2/2020 - 23:45:48.403 | Open | 1480 | C:\malware.exe | C:\version.DLL
21/2/2020 - 23:45:48.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
21/2/2020 - 23:45:48.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
21/2/2020 - 23:45:48.403 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
21/2/2020 - 23:45:48.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
21/2/2020 - 23:45:48.403 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe:Zone.Identifier
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Monitor
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Monitor
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
21/2/2020 - 23:45:48.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData
21/2/2020 - 23:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData
21/2/2020 - 23:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.418Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:48.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ui\SwDRM.dll
21/2/2020 - 23:45:48.434Open1480C:\malware.exeC:\netutils.dll
21/2/2020 - 23:45:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\netutils.dll
21/2/2020 - 23:45:48.434Open1480C:\malware.exeC:\Windows\SysWOW64\netutils.dll
21/2/2020 - 23:45:48.434Unknown1480C:\malware.exeC:\Windows
21/2/2020 - 23:45:48.434Unknown1480C:\malware.exeC:\Monitor
21/2/2020 - 23:45:48.434Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\Prefetch\SYSXAPN.EXE-0B199013.pf
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64.dll
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64.dll
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64win.dll
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64win.dll
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64cpu.dll
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64cpu.dll
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64log.dll
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:48.497Unknown2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:48.497Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Monitor
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sechost.dll
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sechost.dll
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:48.684Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
21/2/2020 - 23:45:48.700Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
21/2/2020 - 23:45:48.700Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.DLL
21/2/2020 - 23:45:48.700Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-1.DLL
21/2/2020 - 23:45:48.700Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-1.DLL
21/2/2020 - 23:45:54.981Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\rpcss.dll
21/2/2020 - 23:45:54.981Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\rpcss.dll
21/2/2020 - 23:45:54.981Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\uxtheme.dll
21/2/2020 - 23:45:54.981Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\uxtheme.dll
21/2/2020 - 23:45:55.28Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\Globalization\Sorting\SortDefault.nls
21/2/2020 - 23:45:55.28Unknown2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
21/2/2020 - 23:45:55.122Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:55.122Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\apphelp.dll
21/2/2020 - 23:45:55.122Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\apphelp.dll
21/2/2020 - 23:45:55.122Unknown2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:55.168Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\api-ms-win-appmodel-runtime-l1-1-1.DLL
21/2/2020 - 23:45:55.168Open2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\ext-ms-win-kernel32-package-current-l1-1-0.DLL
21/2/2020 - 23:45:55.168Unknown2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:55.168Unknown2692C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Monitor
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\Prefetch\SYSXAPN.EXE-0B199013.pf
21/2/2020 - 23:45:55.168Read2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\Prefetch\SYSXAPN.EXE-0B199013.pfSYSXAPN.EXE-0B199013.pf
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\Prefetch\SYSXAPN.EXE-0B199013.pfSYSXAPN.EXE-0B199013.pf
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exe\Device\HarddiskVolume2
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\ntdll.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\ntdll.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64win.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64win.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64cpu.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64cpu.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\kernel32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\kernel32.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\kernel32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\kernel32.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\user32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\user32.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\ntdll.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\ntdll.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\apisetschema.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\KernelBase.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\locale.nls
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\locale.nls
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\ole32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\ole32.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\msvcrt.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\msvcrt.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\gdi32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\gdi32.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\user32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\user32.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\advapi32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\advapi32.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sechost.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sechost.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\rpcrt4.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\rpcrt4.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sspicli.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sspicli.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\cryptbase.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\lpk.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\lpk.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\usp10.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\usp10.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\msctf.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\msctf.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\locale.nls
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\ntdll.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64win.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64cpu.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\kernel32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\kernel32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\user32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\ntdll.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\ole32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\msvcrt.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\gdi32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\user32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\advapi32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sechost.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\rpcrt4.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sspicli.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\lpk.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\usp10.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\msctf.dll
21/2/2020 - 23:45:55.168Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exe\Device\HarddiskVolume2
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64win.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64win.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64cpu.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64cpu.dll
21/2/2020 - 23:45:55.168Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\System32\wow64log.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:55.184Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Monitor
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sechost.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\sechost.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\imm32.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming\version.DLL
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\version.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\version.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming\winhttp.DLL
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\winhttp.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\winhttp.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Users\Behemot\AppData\Roaming\webio.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\webio.dll
21/2/2020 - 23:45:55.184Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\Windows\SysWOW64\webio.dll
21/2/2020 - 23:46:9.309Open2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\
21/2/2020 - 23:46:9.309Unknown2948C:\Users\Behemot\AppData\Roaming\sysxapn.exeC:\

Process
Trace
Timestamp | Operation | PID | Process | Target PID | Target Process
21/2/2020 - 23:45:48.418 | Create | 1480 | C:\malware.exe | 2692 | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:55.122 | Create | 2692 | C:\Users\Behemot\AppData\Roaming\sysxapn.exe | 2948 | C:\Users\Behemot\AppData\Roaming\sysxapn.exe
21/2/2020 - 23:45:55.168 | Terminate | 1480 | C:\malware.exe | 2692 | C:\Users\Behemot\AppData\Roaming\sysxapn.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value
21/2/2020 - 23:45:48.403 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
21/2/2020 - 23:45:48.403 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
21/2/2020 - 23:45:48.403 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
21/2/2020 - 23:45:48.403 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
21/2/2020 - 23:45:48.418 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
21/2/2020 - 23:45:48.418 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
21/2/2020 - 23:45:48.418 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
21/2/2020 - 23:45:48.418 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: True check_circle

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 79.15%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 97.84%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 54.50%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 48.81%
suspicious: True check_circle

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 48.06%
suspicious: False cancel