Report #7755

  • Creation Date: Feb. 28, 2020, 2:12 p.m.
  • Last Update: Feb. 28, 2020, 2:40 p.m.
  • File: 311213d_3.exe
  • Results:

Binary
  DLL: False
  Size: 516.95KB
  trid:
    37.1% UPX compressed Win32 Executable
    36.4% Win32 EXE Yoda's Crypter
    9.0% Win32 Dynamic Link Library
    6.1% Win32 Executable
    2.8% Win16/32 Executable Delphi generic
  type: PE
  wordsize: 0
  Subsystem: unknown
Hashes
  md5: 257742779dca262783e2cfe9f3df1b6f
  sha1: 8ee71c08b9d3a7b0df5e0168e9f81f170ec990ef
  crc32: 0x5ed8af0e
  sha224: cfca550250c715959f79b452a976be1c538ce0d373a198f34bd71c4b
  sha256: 2470f081fa36a6754189c22920a93f822f6547698a860f8ec10d74d648b7d5b0
  sha384: 31327212256fe2e3b00d1b7e3a0729c3d185f2611d34add67c405e3af350eb9a18d0bbc32400c33b3296bfb3214b8fa8
  sha512: 2b3a3b39a1f0160fc367f2bc5f98285dab6e85f5c97dbd9d1fa22c74b09af3d646a45fda5039d76601b7dc2df21b844dc90df59c5be2f8c8aedc1c1fe76647a6
  ssdeep: 12288:MjsvpWVik/984SrPJ1tFhEFZNB9V3p7KmfjMhd4:MjYpZqivPPtF6JB9V3pemfk4
Community
  Google: False
  HashLib: False

YARA
  Matches: domain, UPX_wwwupxsourceforgenet, Netopsystems_FEAD_Optimizer_1, UPX20030XMarkusOberhumerLaszloMolnarJohnReiser, UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser, Borland, screenshot, UPX_290_LZMA_additional, UPX_290_LZMA, UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser, IsPacked, UPX_wwwupxsourceforgenet_additional, IP, contentis_base64, UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser, UPXv20MarkusLaszloReiser, IsPE32, yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, UPX, PackerUPX_CompresorGratuito_wwwupxsourceforgenet, IsWindowsGUI, HasDigitalSignature, url, win_registry, HasOverlay, upx_3
  Suspicious: True

Strings
List
http://crl.certum.pl/ca.crl0:
https://www.certum.pl/CPS0
Usage of this certificate is strictly subjected to the CERTUM Certification Practice Statement (CPS) incorporated by reference herein and in the repository at https://www.certum.pl/repository.0
http://crl.certum.pl/l3.crl0a
"http://repository.certum.pl/l3.cer0
http://ocsp.certum.pl0.
SOFTWARE\Borland\De
comctl32.dll
version.dll
1.0.0.0
1.0.0.0
MACOS_MENU_SELECT
DBN_DELETE
<requestedPrivileges>
TPASSWORDDIALOG
GetProcAddress
TSUIPASSWORDDIALOG
HTTP5
ExitProcess
IPersist1P
PROTEIN_FORM_BACKGROUND
ftpi
PROTEIN_TITLE_CLIENT
MACOS_FORM_BACKGROUND
MACOS_TITLE_CLIENT
WINXP_TITLE_CLIENT
TSUIBUILTINFILETHEME
BLUEGLASS_TITLE_CLIENT
TSUITHEMEMANAGER
DEEPBLUE_TITLE_CLIENT
This program must be run under Win32
ShellExecuteA
VirtualAlloc
VirtualProtect
FONTCOMBO_DEVICE_FNT
LoadLibraryA
PROTEIN_TITLE_LEFT
DBN_NEXT
DBN_LAST
FONTCOMBO_TRUETYPE_FNT
PROTEIN_SIDECHENNEL_HANDLE
MACOS_TITLE_LEFT
WINXP_TITLE_LEFT
MACOS_COMBOBOX_BUTTON
WINXP_COMBOBOX_BUTTON
PROTEIN_TRACKBAR_BAR
WINXP_TAB_LINE
BLUEGLASS_TITLE_LEFT
PROTEIN_TAB
BLUEGLASS_SIDECHENNEL_HANDLE
BLUEGLASS_SCROLLBAR_TRACK
PROTEIN_TAB_LINE
BLUEGLASS_SIDECHENNEL_BAR
BLUEGLASS_TRACKBAR_SLIDER
DEEPBLUE_TITLE_LEFT
PROTEIN_TITLEBTN
PROTEIN_CHECKBOX
MACOS_SCROLLBAR_TRACK
MENU_CHECKED
ANSI_CHARSET
MACOS_MENU_BAR
MACOS_TAB_LINE
MACOS_TRACKBAR_BAR
BLUEGLASS_TAB_LINE
PROTEIN_TITLE_RIGHT
DEEPBLUE_SIDECHENNEL_HANDLE
WINXP_TRACKBAR_BAR
MACOS_TITLEBTN
MACOS_CHECKBOX
BLUEGLASS_TAB
MACOS_PROGRESSBAR
PROTEIN_CHECKLIST
DEEPBLUE_TRACKBAR_SLIDER
BLUEGLASS_TRACKBAR_BAR
DEEPBLUE_TRACKBAR_BAR
PROTEIN_PROGRESSBAR
DEEPBLUE_PROGRESSBAR
DEEPBLUE_TAB
WINXP_CHECKBOX
WINXP_TITLEBTN
WINXP_PROGRESSBAR
DEEPBLUE_TAB_LINE

Foremost
  Matches: 0.exe, 512 KB
  Suspicious: True

Heuristics

IPs
  hasIPs: False
  Allowed: None
  hasAllowed: False
  Suspicious: None
  hasSuspicious: False

URLs
  hasURLs: True
  Allowed: None
  hasAllowed: False
  Suspicious: https://www.certum.pl/repository.0, http://repository.certum.pl/l3.cer0, http://crl.certum.pl/l3.crl0a, http://crl.certum.pl/ca.crl0:, https://www.certum.pl/cps0, http://ocsp.certum.pl0.
  hasSuspicious: True

Files
  hasFiles: True
  Allowed: user32.dll, comctl32.dll, advapi32.dll, gdi32.dll, oleaut32.dll, ole32.dll, KERNEL32.DLL, shell32.dll, version.dll
  hasAllowed: True
  Suspicious: None
  hasSuspicious: False

Binary
  Sizes
    RVA: 16 (Suspicious: False)
    Code Size: 61440 (Suspicious: False)
    Image Address: 4194304 (Suspicious: False)
    Stack: 16384 (Suspicious: False)
    Headers: 4096 (Suspicious: False)
    Suspicious: False

  Symbols
    Number: 0 (Suspicious: True)
    Pointer: 0 (Suspicious: True)
    Directories Number: 16 (Suspicious: False)

Checksum
  Value: 0
  Suspicious: True

Sections
  Allowed: .rsrc
  Suspicious: upx0, upx1
  hasAllowed: True
  hasSections: True
  hasSuspicious: True

Versions
  OS Version: 4 (Suspicious: False)
  Image Version: 4 (Suspicious: True)
  Linker Version: 2.25 (Suspicious: False)
  Subsystem Version: 4.0 (Suspicious: False)
  Suspicious: False

EntryPoint
  Address: 1396688
  Suspicious: False

Anomalies
  Anomalies: The header checksum and the calculated checksum do not match.
  hasAnomalies: True

Libraries
  Allowed: user32.dll, comctl32.dll, advapi32.dll, gdi32.dll, oleaut32.dll, ole32.dll, kernel32.dll, shell32.dll, version.dll
  hasLibs: True
  Suspicious: None
  hasAllowed: True
  hasSuspicious: False

Timestamp
  Value: 1992-06-19 19:22:17
  Valid: True
  Past: True
  Future: False

Compilation
  Packed: True
  Missing: False
  Packers: UPX v0.80 - v0.84, UPX 2.90 (LZMA), UPX -> www.upx.sourceforge.net
  Compiled: False
  Compilers: None
  MainPacker: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Obfuscation
  XOR: False
  Fuzzing: True

PEDetector
  Matches: None
  Suspicious: False

Disassembly
  hasTricks: True
  Tricks (hits per section):

    Trick                             none   .rsrc
    pushret                            396       7
    nopsequence                          4       -
    pushpopmath                        372       8
    garbagebytes                       150       2
    hookdetection                       14       -
    software breakpoint                 20       -
    fakeconditionaljumps                 9       1
    programcontrolflowchange           142       2
    cpuinstructionsresultscomparison    20      18

AVclass
  midia: 1

VirusTotal
  md5: 257742779dca262783e2cfe9f3df1b6f
  sha1: 8ee71c08b9d3a7b0df5e0168e9f81f170ec990ef
SCANS (DETECTION RATE = 78.79%)

Engine | detected | result | update | version
AVG | True | Win32:Downloader-UYW [PUP] | 20180324 | 18.2.3827.0
CMC | False | - | 20180323 | 1.1.0.977
MAX | True | malware (ai score=100) | 20180324 | 2017.11.15.1
Bkav | True | W32.HfsAdware.A95B | 20180322 | 1.3.0.9466
K7GW | True | Adware ( 004ae5401 ) | 20180323 | 10.42.26598
ALYac | True | Gen:Variant.Ursu.129348 | 20180323 | 1.1.1.5
Avast | True | Win32:Downloader-UYW [PUP] | 20180324 | 18.2.3827.0
Avira | False | - | 20180323 | 8.3.3.6
Baidu | True | Win32.Trojan.WisdomEyes.16070401.9500.9986 | 20180323 | 1.0.0.2
Cyren | True | W32/A-7207b9d7!Eldorado | 20180324 | 5.4.30.7
DrWeb | True | Trojan.Fraudster.1513 | 20180324 | 7.0.28.2020
GData | True | Win32.Trojan-Downloader.Agent.BP | 20180324 | A:25.16483B:25.11862
Panda | True | Trj/Genetic.gen | 20180323 | 4.6.4.2
VBA32 | True | TScope.Trojan.Delf | 20180323 | 3.12.28.0
VIPRE | True | Trojan.Win32.Generic!BT | 20180323 | 65478
Zoner | False | - | 20180324 | 1.0
AVware | True | Trojan.Win32.Generic!BT | 20180324 | 1.5.0.42
ClamAV | False | - | 20180323 | 0.99.2.0
Comodo | True | ApplicUnwnt | 20180323 | 28733
F-Prot | True | W32/A-7207b9d7!Eldorado | 20180324 | 4.7.1.166
Ikarus | True | PUA.Midia | 20180323 | 0.1.5.2
McAfee | True | Artemis!257742779DCA | 20180324 | 6.0.6.653
Rising | False | - | 20180324 | 25.0.0.1
Sophos | True | Generic PUA IO (PUA) | 20180323 | 4.98.0
Yandex | True | Trojan.PWS.Lohmys! | 20180323 | 5.5.1.3
Zillya | True | Adware.MidiaCRTD.Win32.8412 | 20180323 | 2.0.0.3519
Arcabit | True | Trojan.Ursu.D1F944 | 20180324 | 1.0.0.831
Cylance | True | Unsafe | 20180324 | 2.3.1.101
Endgame | True | malicious (moderate confidence) | 20180316 | 2.0.5
Tencent | True | Win32.Trojan-banker.Lohmys.Hqlr | 20180324 | 1.0.0.1
ViRobot | False | - | 20180323 | 2014.3.20.0
eGambit | False | - | 20180324 | v4.3.5
Ad-Aware | True | Gen:Variant.Ursu.129348 | 20180324 | 3.0.3.1010
AegisLab | True | AdWare.W32.Midia.myeZ | 20180323 | 4.2
Emsisoft | True | Gen:Variant.Ursu.129348 (B) | 20180324 | 4.0.2.899
F-Secure | True | Gen:Variant.Ursu.129348 | 20180324 | 11.0.19100.45
Fortinet | True | W32/Lohmys.A!tr | 20180324 | 5.4.247.0
Invincea | True | heuristic | 20180121 | 6.3.4.26036
Jiangmin | True | Trojan.Banker.Lohmys.bb | 20180324 | 16.0.100
Kingsoft | False | - | 20180324 | 2013.8.14.323
Paloalto | True | generic.ml | 20180324 | 1.0
Symantec | True | PUA.Gen.2 | 20180323 | 1.5.0.0
nProtect | False | - | 20180323 | 2018-03-23.02
AhnLab-V3 | True | PUP/Win32.Midia.R182630 | 20180323 | 3.12.0.20130
Antiy-AVL | True | Trojan[Banker]/Win32.Lohmys | 20180323 | 3.0.0.1
Kaspersky | True | Trojan-Banker.Win32.Lohmys.a | 20180323 | 15.0.1.13
Microsoft | False | - | 20180324 | 1.1.14600.4
Qihoo-360 | True | Win32/Trojan.Adware.507 | 20180324 | 1.0.0.1120
TheHacker | False | - | 20180319 | 6.8.0.5.2551
ZoneAlarm | True | Trojan-Banker.Win32.Lohmys.a | 20180324 | 1.0
ESET-NOD32 | True | a variant of Win32/AdWare.Midia.D | 20180323 | 17107
TrendMicro | True | TROJ_GEN.R002C0GBF18 | 20180324 | 9.862.0.1074
WhiteArmor | False | - | 20180223 | -
BitDefender | True | Gen:Variant.Ursu.129348 | 20180324 | 7.2
CrowdStrike | True | malicious_confidence_60% (D) | 20170201 | 1.0
K7AntiVirus | True | Adware ( 004ae5401 ) | 20180323 | 10.42.26598
SentinelOne | True | static engine - malicious | 20180225 | 1.0.15.206
Avast-Mobile | False | - | 20180323 | 180323-04
Malwarebytes | True | PUP.Optional.BundleInstaller | 20180323 | 2.1.1.1115
TotalDefense | False | - | 20180323 | 37.1.62.1
CAT-QuickHeal | True | TrojanBanker.Lohmys.E8 | 20180323 | 14.00
NANO-Antivirus | True | Trojan.Win32.Lohmys.dxalgt | 20180324 | 1.0.100.22043
MicroWorld-eScan | True | Gen:Variant.Ursu.129348 | 20180324 | 14.0.297.0
SUPERAntiSpyware | True | PUP.Midia/Variant | 20180323 | 5.6.0.1032
McAfee-GW-Edition | True | Artemis!Trojan | 20180323 | v2015
TrendMicro-HouseCall | True | TROJ_GEN.R002C0GBF18 | 20180324 | 9.950.0.1006

total: 66
positives: 52
sha256: 2470f081fa36a6754189c22920a93f822f6547698a860f8ec10d74d648b7d5b0
scan_id: 2470f081fa36a6754189c22920a93f822f6547698a860f8ec10d74d648b7d5b0-1521853525
resource: 257742779dca262783e2cfe9f3df1b6f
scan_date: 2018-03-24 01:05:25
verbose_msg: Scan finished, information embedded
response_code: 1

File
Trace

Time | Op | PID | Process | Path | Name
28/2/2020 - 13:45:44.715 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
28/2/2020 - 13:45:44.715 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
28/2/2020 - 13:45:44.778 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\arialbd.ttf
28/2/2020 - 13:45:44.778 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\arialbd.ttf
28/2/2020 - 13:45:44.778 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
28/2/2020 - 13:45:45.75 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\arial.ttf
28/2/2020 - 13:45:45.75 | Open | 2308 | C:\malware.exe | C:\Windows\Fonts\arial.ttf
28/2/2020 - 13:45:45.122 | Read | 2308 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
28/2/2020 - 13:45:45.356 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config
28/2/2020 - 13:45:45.356 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
28/2/2020 - 13:45:45.356 | Open | 2308 | C:\malware.exe | C:\malware.exe.Local
28/2/2020 - 13:45:45.356 | Open | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:45.372 | Unknown | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:45.372 | Open | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:45.372 | Unknown | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:45.372 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
28/2/2020 - 13:45:45.372 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\malware.exe.Local
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:45.387 | Unknown | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\apphelp.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Secur32.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 13:45:45.387 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 13:45:45.387 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 13:45:45.387 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 13:45:45.387 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\IPHLPAPI.DLL
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\WINNSI.DLL
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\DNSAPI.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 13:45:45.465 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 13:45:45.528 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
28/2/2020 - 13:45:45.528 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
28/2/2020 - 13:45:45.528 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
28/2/2020 - 13:45:45.528 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
28/2/2020 - 13:45:45.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
28/2/2020 - 13:45:45.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
28/2/2020 - 13:45:45.637 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
28/2/2020 - 13:45:45.637 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
28/2/2020 - 13:45:45.637 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
28/2/2020 - 13:45:45.637 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
28/2/2020 - 13:45:45.684 | Open | 2308 | C:\malware.exe | C:\dhcpcsvc6.DLL
28/2/2020 - 13:45:45.684 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
28/2/2020 - 13:45:45.684 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
28/2/2020 - 13:45:45.684 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
28/2/2020 - 13:45:45.684 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
28/2/2020 - 13:45:45.684 | Open | 2308 | C:\malware.exe | C:\MSHTML.dll
28/2/2020 - 13:45:45.684 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\mshtml.dll
28/2/2020 - 13:45:45.684 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\mshtml.dll
28/2/2020 - 13:45:45.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\Desktop
28/2/2020 - 13:45:45.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\Desktop
28/2/2020 - 13:45:45.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\Desktop\CONTAPRIME.url
28/2/2020 - 13:45:45.684 | Write | 2308 | C:\malware.exe | C:\Users\Behemot\Desktop\CONTAPRIME.url | CONTAPRIME.url
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\CRYPTSP.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\RpcRtRemote.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
28/2/2020 - 13:45:45.762 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
28/2/2020 - 13:45:45.762 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\dhcpcsvc.DLL
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
28/2/2020 - 13:45:45.762 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
28/2/2020 - 13:45:45.825 | Open | 2308 | C:\malware.exe | C:\rasadhlp.dll
28/2/2020 - 13:45:45.825 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
28/2/2020 - 13:45:45.825 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
28/2/2020 - 13:45:45.872 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
28/2/2020 - 13:45:45.872 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
28/2/2020 - 13:45:46.840 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
28/2/2020 - 13:45:46.840 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\malware.exe.Local
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:46.950 | Unknown | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 13:45:46.950 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 13:45:47.75 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
28/2/2020 - 13:45:47.75 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
28/2/2020 - 13:45:47.278 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 13:45:47.278 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 13:45:47.278 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 13:45:47.278 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 13:45:47.278 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 13:45:47.278 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 13:45:47.340 | Open | 2308 | C:\malware.exe | C:\credssp.dll
28/2/2020 - 13:45:47.340 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
28/2/2020 - 13:45:47.356 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
28/2/2020 - 13:45:47.356 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
28/2/2020 - 13:45:47.356 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
28/2/2020 - 13:45:47.356 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 13:45:47.356 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 13:45:47.356 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 13:45:47.356 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 13:45:47.356 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 13:45:47.356 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 13:45:47.356 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 13:45:47.559 | Open | 2308 | C:\malware.exe | C:\ncrypt.dll
28/2/2020 - 13:45:47.559 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 13:45:47.559 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 13:45:47.559 | Open | 2308 | C:\malware.exe | C:\bcrypt.dll
28/2/2020 - 13:45:47.559 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 13:45:47.559 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 13:45:47.559 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
28/2/2020 - 13:45:47.559 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
28/2/2020 - 13:45:47.559 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
28/2/2020 - 13:45:47.559 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
28/2/2020 - 13:45:47.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 13:45:47.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 13:45:47.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 13:45:47.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 13:45:47.575 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 13:45:47.575 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 13:45:47.575 | Open | 2308 | C:\malware.exe | C:\GPAPI.dll
28/2/2020 - 13:45:47.575 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
28/2/2020 - 13:45:47.575 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 13:45:47.668 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 13:45:47.668 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 13:45:47.668 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
28/2/2020 - 13:45:47.668 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
28/2/2020 - 13:45:47.668 | Unknown | 2308 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\qagentrt.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\cryptnet.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
28/2/2020 - 13:45:47.668 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_5FA8E5E800867BF860DF5E533E701BAF
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Unknown | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.684 | Open | 2308 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\85B3F147E3624A14E6A20DB4F6C2C5D9
28/2/2020 - 13:45:47.684Open2308C:\malware.exeC:\SensApi.dll
28/2/2020 - 13:45:47.684Open2308C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
28/2/2020 - 13:45:47.684Open2308C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
28/2/2020 - 13:45:47.731Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.731Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.731Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.731Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.731Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:47.731Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:47.778Open2308C:\malware.exeC:\WINHTTP.dll
28/2/2020 - 13:45:47.778Open2308C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
28/2/2020 - 13:45:47.778Open2308C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
28/2/2020 - 13:45:47.778Open2308C:\malware.exeC:\webio.dll
28/2/2020 - 13:45:47.778Open2308C:\malware.exeC:\Windows\SysWOW64\webio.dll
28/2/2020 - 13:45:47.778Open2308C:\malware.exeC:\Windows\SysWOW64\webio.dll
28/2/2020 - 13:45:47.778Open2308C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
28/2/2020 - 13:45:47.965Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.965Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.965Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.965Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:47.965Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Read2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Read2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Read2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_F8C899AD5B7B53D12550842F8019D6FD
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.28Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\521F25E202FF760B8461B88413F425E7
28/2/2020 - 13:45:48.75Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.75Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.75Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.75Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.75Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.75Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.215Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.215Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.215Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.215Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.215Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 13:45:48.262Open2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Read2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Read2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Read2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C
28/2/2020 - 13:45:48.262Unknown2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85CBE8B021F9E811DFC8C8A28572A17C05A_375B7F179C25C4C237293A604A6DE85C

Process
Trace

Analysis
Reason: Timeout
Status: Successfully Executed
Results: 1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value
28/2/2020 - 13:45:45.387 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
28/2/2020 - 13:45:45.387 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
28/2/2020 - 13:45:45.387 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
28/2/2020 - 13:45:45.387 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
28/2/2020 - 13:45:45.387 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
28/2/2020 - 13:45:45.387 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
28/2/2020 - 13:45:45.387 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
28/2/2020 - 13:45:45.387 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
28/2/2020 - 13:45:45.465 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
28/2/2020 - 13:45:45.465 | Delete | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
28/2/2020 - 13:45:45.465 | Delete | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
28/2/2020 - 13:45:45.465 | Delete | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
28/2/2020 - 13:45:45.465 | Delete | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
28/2/2020 - 13:45:45.465 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
28/2/2020 - 13:45:45.575 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
28/2/2020 - 13:45:45.575 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
28/2/2020 - 13:45:45.575 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
28/2/2020 - 13:45:45.872 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 13:45:45.872 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 13:45:45.872 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 13:45:45.872 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
28/2/2020 - 13:45:47.278 | Delete | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 13:45:47.278 | Delete | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 13:45:47.278 | Write | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 13:45:47.278 | Delete | 2308 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
28/2/2020 - 13:45:47.668 | Write | 2308 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 13:45:47.668 | Write | 2308 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 13:45:47.668 | Write | 2308 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 13:45:47.668 | Write | 2308 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 13:45:47.668 | Write | 2308 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 13:45:47.668 | Delete | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
28/2/2020 - 13:45:47.668 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE | Blob
28/2/2020 - 13:45:47.668 | Delete | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | 75E0ABB6138512271C04F85FDDDE38E4B7242EFE
28/2/2020 - 13:45:47.668 | Write | 2308 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE | Blob
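Read together, the file and registry traces describe one thing: the process opened its per-user certificate store, loaded cryptnet.dll, dnsapi.dll, winhttp.dll and webio.dll, populated CryptnetUrlCache (where crypt32 caches CRL, OCSP and AIA fetches), rewrote the WinINet proxy and WPAD values, and wrote a certificate Blob into the machine AuthRoot store under HKLM. The thumbprint of that Blob, 75E0ABB6138512271C04F85FDDDE38E4B7242EFE, is GlobalSign Root CA - R2, which is the root that the automatic root update installs when a chain anchored on it is validated for the first time. Every one of those events is also what a benign, correctly signed program produces when it opens an HTTPS connection, so they are leads to correlate with the network trace rather than indicators by themselves; the one durable fact is that a Write under \REGISTRY\MACHINE proves the process held write access to HKLM, i.e. the sample ran with administrative rights.

The following Python is an added example, not part of this report or of the sandbox that produced it. It parses rows in the sandbox's raw export format (timestamp, operation, PID, process path and target run together with no delimiter) and tags the events above. The sample rows are copied from this report's traces; the tag names and the rule set are this example's own choices.

```python
"""Parse raw file/registry trace rows of this report and tag the
events that matter for triage.

The sandbox exports each row with its columns run together, in the
form <timestamp><operation><pid><process path><target>. The regex
splits a row on the fixed operation vocabulary and the process path.
"""
import re
from collections import Counter

ROW_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} - \d{2}:\d{2}:\d{2}\.\d+)"
    r"(?P<op>Open|Read|Write|Delete|Create|Unknown)"
    r"(?P<pid>\d+)"
    r"(?P<proc>[A-Za-z]:\\.*?\.exe)"
    r"(?P<target>.+)$"
)

# Tagging rules, applied to the target path. All of them describe what
# CryptoAPI, WinINet and WinHTTP do when a process validates a certificate
# chain or opens an HTTP(S) connection, so a hit is a lead for correlation,
# not a verdict on its own. Tag names are this example's own.
RULES = [
    # crypt32 caches CRL/OCSP/AIA fetches under CryptnetUrlCache
    ("revocation-cache", re.compile(r"\\CryptnetUrlCache\\")),
    # per-user certificate store (My) opened during chain building
    ("user-cert-store", re.compile(r"\\SystemCertificates\\My(\\|$)")),
    # machine AuthRoot store: where automatic root update installs roots
    ("authroot-store", re.compile(r"\\SystemCertificates\\AuthRoot\\")),
    # WinINet per-user proxy values (value name follows the key directly)
    ("proxy-config", re.compile(
        r"Internet Settings(ProxyEnable|ProxyServer|ProxyOverride|AutoConfigURL|AutoDetect)$")),
    # WPAD auto-detection state, keyed by MAC address or interface GUID
    ("wpad", re.compile(r"\\Wpad\\")),
    # DLLs loaded for name resolution, HTTP and revocation checking
    ("net-dll", re.compile(r"\\(winhttp|webio|dnsapi|cryptnet|sensapi)\.dll$", re.I)),
]

# Rows copied verbatim from this report's file and registry traces.
SAMPLE_ROWS = [
    r"28/2/2020 - 13:45:45.465Write2308C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsProxyEnable",
    r"28/2/2020 - 13:45:45.465Delete2308C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet SettingsAutoConfigURL",
    r"28/2/2020 - 13:45:45.872Write2308C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3WpadDetectedUrl",
    r"28/2/2020 - 13:45:47.668Open2308C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates",
    r"28/2/2020 - 13:45:47.668Open2308C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll",
    r"28/2/2020 - 13:45:47.778Open2308C:\malware.exeC:\Windows\SysWOW64\winhttp.dll",
    r"28/2/2020 - 13:45:48.28Write2308C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288BCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B",
    r"28/2/2020 - 13:45:47.668Write2308C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFEBlob",
]


def parse_row(line):
    """Split one exported row into its columns; None if it is not a row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["pid"] = int(row["pid"])
    return row


def classify(row):
    """Return the set of triage tags that apply to a parsed row."""
    tags = {name for name, rx in RULES if rx.search(row["target"])}
    # A Write/Delete under \REGISTRY\MACHINE means the process had write
    # access to HKLM, i.e. it ran with administrative rights.
    if row["target"].startswith("\\REGISTRY\\MACHINE\\") and row["op"] in ("Write", "Delete"):
        tags.add("hklm-write")
    return tags


def summarize(lines):
    """Count tags over a whole trace, skipping lines that do not parse."""
    counts = Counter()
    for line in lines:
        row = parse_row(line)
        if row:
            counts.update(classify(row))
    return counts


if __name__ == "__main__":
    for line in SAMPLE_ROWS:
        row = parse_row(line)
        print(row["ts"], row["op"], sorted(classify(row)), row["target"][-60:])
    print(dict(summarize(SAMPLE_ROWS)))
```

Feed it the whole trace (one row per line) and compare the counts against the network section: a revocation-cache write with no matching OCSP or CRL request in the HTTP trace, or an authroot-store write with no chain validation to explain it, is what would separate deliberate tampering from the routine CryptoAPI behaviour this report shows.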

File Summary
Created - Identified: True
Deleted - Identified: False

Process Summary
Created - Identified: False
Deleted - Identified: False

Registry Summary
Proxy - Identified: False
AutoRun - Identified: False
Created - Identified: True
Deleted - Identified: True
Browsers - Identified: False
Internet - Identified: True


DNS
Query
localhost -> gateway:DNS  ocsp.pki.goog.
localhost -> gateway:50273  goo.gl.
localhost -> gateway:DNS  goo.gl.

Response
gateway:DNS -> localhost  goo.gl.  answer: 216.58.202.174
gateway:DNS -> localhost  ocsp.pki.goog.  answer: 216.58.202.131

TCP
Info
localhost:65191 -> 216.58.202.174:80
localhost:65192 -> 216.58.202.174:443
216.58.202.174:443 -> localhost:65192
216.58.202.174:80 -> localhost:65191
localhost:65193 -> 216.58.202.131:80
216.58.202.131:80 -> localhost:65193

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67 (broadcast, unresolved)

HTTP
Info
localhost GET ocsp.pki.goog /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D
localhost GET ocsp.pki.goog /gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3
localhost GET goo.gl /sN9EQK
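The two ocsp.pki.goog requests above are OCSP over GET (RFC 6960, Appendix A): the path after the responder prefix is the URL-encoded, base64 DER encoding of an OCSPRequest, so decoding it recovers the CertID (hash algorithm, issuer name hash, issuer key hash, serial number) and tells you which certificates the sample was checking, which the raw URLs do not. The following Python is an added example, not part of this report or of the sandbox; it embeds the two request paths exactly as listed above, uses only the standard library, and carries a small DER reader written for this example. It assumes, as holds for both requests here, that each request contains a single CertID and no requestorName or extensions.

```python
"""Decode the GET-form OCSP requests recorded in the HTTP section.

OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, ... }
TBSRequest  ::= SEQUENCE { [version], [requestorName], requestList SEQUENCE OF Request, ... }
Request     ::= SEQUENCE { reqCert CertID, ... }
CertID      ::= SEQUENCE { hashAlgorithm, issuerNameHash OCTET STRING,
                           issuerKeyHash OCTET STRING, serialNumber INTEGER }
"""
import base64
from urllib.parse import unquote

# The two request paths exactly as they appear in this report's HTTP trace.
OCSP_PATHS = [
    "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D",
    "/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDu3mVgzTXArwIAAAAAWXG3",
]

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Yield the (tag, value) pairs that make up a SEQUENCE body."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = _tlv(value, pos)
        yield tag, inner


def _oid(value):
    """Decode a DER OBJECT IDENTIFIER body to dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(path):
    """Decode a GET-form OCSP request path into its first CertID."""
    der = base64.b64decode(unquote(path.rsplit("/", 1)[1]))
    _, ocsp_request, _ = _tlv(der, 0)
    tbs = next(_children(ocsp_request))[1]
    # requestList is the first plain SEQUENCE (tag 0x30) inside TBSRequest;
    # the optional version/requestorName would be context-tagged [0]/[1].
    request_list = next(v for t, v in _children(tbs) if t == 0x30)
    request = next(_children(request_list))[1]
    cert_id = next(_children(request))[1]
    alg, name_hash, key_hash, serial = [v for _, v in _children(cert_id)]
    alg_oid = _oid(next(_children(alg))[1])
    # DER pads a positive INTEGER with a leading 0x00 when the top bit is set;
    # drop that pad so the serial matches the usual certificate-viewer form.
    if len(serial) > 1 and serial[0] == 0 and serial[1] & 0x80:
        serial = serial[1:]
    return {
        "hash_alg": HASH_OIDS.get(alg_oid, alg_oid),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": serial.hex(),
    }


if __name__ == "__main__":
    for path in OCSP_PATHS:
        print(path.split("/")[1], parse_ocsp_get(path))
```

The first request decodes to a SHA-1 CertID whose issuer key hash, 9be20757671c1ec06a06de59b49a2ddfdc19862e, is the subject key identifier of GlobalSign Root CA - R2 and whose serial, 01e3b49aa18d8aa981256950b8, is that of the GTS CA 1O1 intermediate: CryptoAPI, via the cryptnet.dll the file trace shows being loaded, asked the root about Google's intermediate, and that root is the same certificate whose Blob the registry trace shows being written to AuthRoot (thumbprint 75E0ABB6...). The second request, sent to the /gts1o1/ prefix, carries GTS CA 1O1's key hash, 98d1f86e10ebcf9bec609f18901ba0eb7d09fd2b, and the serial of a certificate that intermediate issued, which is presumably the leaf served on the port-443 connection to 216.58.202.174 that follows the goo.gl/sN9EQK request (an inference from the trace, not something the report states). In other words, the OCSP traffic is the chain validation for the HTTPS redirect target, not separate command-and-control activity.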

Summary
DNS: True
TCP: True
UDP: True
HTTP: True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 89.41%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 96.63%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 73.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 60.38%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 94.59%
suspicious: False
