Report #7759

  • Creation Date: Feb. 28, 2020, 2:12 p.m.
  • Last Update: Feb. 28, 2020, 2:58 p.m.
  • File: 1852015.exe
  • Results:
Binary
DLL: False
Size: 188.00KB
trid:
82.7% Win32 Executable Microsoft Visual Basic 6
6.6% Win32 Dynamic Link Library
4.5% Win32 Executable
2.0% OS/2 Executable
2.0% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
306d8f87aca64252bb87af7d6fa4135a
sha1
94ea7a6eb40cb54f67ccc03957a4dafc9c204ec4
crc32
0x33da06cc
sha224
4b7ec1024500dfd50653cddfef638058085eed2741b4c6d367979755
sha256
7e9225d408a10d20d875ee04260ce1a638189d2911f28825ebbcc7efb39aa62e
sha384
f14cd4979ba5a619d9a58f8953f8a74aba103b94b43da8046cd0b17463730937f6c2ac106ae067cdad66c87e488f301f
sha512
b9b8dd3a8f634d295f81d8ec9aa09759cfb06d7b4fcaa6f0ca8f2765710f72f959c6316593c9b533a810eb619bbf263dc3ead1a409edeb175e428d4b2a26fcf1
ssdeep
3072:c1gasiLV5DYPaBzl/+lmyUc+l2LV5DYPaBzl6asYeTs0Q2Dui0DY7:4gasi4Ely4El6asYeVQ2Z0DY7
Community
Google: False
HashLib: False
YARA
Matches: Microsoft_Visual_Basic_v50_additional, domain, SEH__vba, Browsers, HasRichSignature, contentis_base64, ProtectSharewareV11eCompservCMS, IsPE32, Microsoft_Visual_Basic_v50, Microsoft_Visual_Basic_v50_v60, Microsoft_Visual_Basic_v50v60_additional, Microsoft_Visual_Basic_v50v60, Big_Numbers4, IsWindowsGUI, IsPacked

Suspicious: True

Strings
List
C:\windows\SysWow64\msvbvm60.dll\3
A*\AE:\2014-2015\_Project15\_Project15\_Firefox\Loader\loaderFirefox.vbp
f.cD
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
\Mozilla Firefox\firefox.exe
resources/firefoxext/data/jquery.min.jsPK
resources/firefoxext/data/jquery.min.js
resources/firefoxext/lib/main.jsm
harness-options.json
Wininet.dll
Cliente1.exe
locales.json{"locales": []}
bootstrap.js
bootstrap.jsPK
resources/firefoxext/tests/PK
resources/firefoxext/tests/PK
resources/firefoxext/PK
resources/firefoxext/PK
\Mozilla\Firefox\Profiles\
install.rdfPK
__vbaOnError
__vbaOnError
AppData
HasFirefox
IFirefox
loaderFirefox
loaderFirefox
InstallXPI
InternetOpenA
InternetOpenUrlA
InternetReadFile
Mozilla Firefox
GetTickCount
Sleep
resources/firefoxext/data/background.jsPK
resources/firefoxext/lib/main.jsPK
resources/firefoxext/data/background.js
resources/firefoxext/lib/PK
resources/firefoxext/data/PK
resources/firefoxext/lib/PK
resources/firefoxext/data/PK
EVENT_SINK_QueryInterface
VBA6.DLL
install.rdfmS[o
__vbaR8IntI4
__vbaR8IntI4
__vbaStrI2
__vbaStrI4
__vbaI4Var
__vbaStrI2
__vbaI4Var
__vbaStrI4
__vbaI2I4
__vbaI2I4
8ADAPA\A
__vbaVar2Vec
__vbaVar2Vec
__vbaFpI4
__vbaFpI2
__vbaNew2
__vbaNew2
__vbaFpI4
__vbaFpI2
__vbaErrorOverflow
__vbaErrorOverflow
__vbaSetSystemError
__vbaSetSystemError
locale/PK
locale/PK
locales.jsonPK
SaVP*U0B
SaVP*U0B
__vbaVarOr
__vbaVarOr
_adj_fdivr_m32i
_adj_fdivr_m16i
__vbaFreeStrList
__vbaFreeObjList
__vbaStrVarMove
__vbaStrVarMove
__vbaFreeVarList
__vbaFreeVarList
__vbaVarForNext
__vbaFreeObjList
__vbaFreeStrList
__vbaVarForInit
__vbaVarForNext
__vbaVarForInit
_adj_fdiv_m32i

Foremost
Matches: 286.zip (42 KB), 0.exe (188 KB), 27.png (31 KB), 208.png (31 KB)
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: MSVBVM60.DLL, Wininet.dll, VBA6.DLL
hasFiles: True
Suspicious: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 106496
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 4096
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .data, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: False
Suspicious: 4
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 5572
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: msvbvm60.dll, wininet.dll
hasLibs: True
Suspicious: vba6.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2015-05-18 00:59:15
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual Basic v5.0, Microsoft Visual Basic v5.0 - v6.0

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.rsrc: 45
.text: 20

nopsequence
.text: 19

pushpopmath
.rsrc: 17
.text: 7

ss register
.rsrc: 2
.text: 1

garbagebytes
.rsrc: 20
.text: 10

software breakpoint
.rsrc: 1
.text: 1

fakeconditionaljumps
.rsrc: 1

programcontrolflowchange
.rsrc: 19
.text: 10

cpuinstructionsresultscomparison
.rsrc: 8
.text: 9

AVclass
banload
1
VirusTotal
md5
306d8f87aca64252bb87af7d6fa4135a
sha1
94ea7a6eb40cb54f67ccc03957a4dafc9c204ec4
SCANS (DETECTION RATE = 75.76%)
Engine | Result | Update | Version | Detected
AVG | HTML:Malware-gen | 20180323 | 18.2.3827.0 | True
CMC | - | 20180323 | 1.1.0.977 | False
MAX | malware (ai score=80) | 20180324 | 2017.11.15.1 | True
Bkav | - | 20180322 | 1.3.0.9466 | False
K7GW | Trojan-Downloader ( 004b75761 ) | 20180323 | 10.42.26598 | True
ALYac | Gen:Variant.Graftor.160995 | 20180323 | 1.1.1.5 | True
Avast | HTML:Malware-gen | 20180323 | 18.2.3827.0 | True
Avira | TR/Dropper.Gen | 20180323 | 8.3.3.6 | True
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9951 | 20180323 | 1.0.0.2 | True
Cyren | W32/Trojan.RPOE-4544 | 20180323 | 5.4.30.7 | True
DrWeb | Trojan.PWS.Banker1.16840 | 20180323 | 7.0.28.2020 | True
GData | Gen:Variant.Graftor.160995 | 20180323 | A:25.16481B:25.11861 | True
Panda | Trj/Genetic.gen | 20180323 | 4.6.4.2 | True
VBA32 | TrojanDownloader.VB | 20180323 | 3.12.28.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20180323 | 65478 | True
Zoner | - | 20180324 | 1.0 | False
AVware | Trojan.Win32.Generic!BT | 20180323 | 1.5.0.42 | True
ClamAV | Win.Trojan.Banload-2115 | 20180323 | 0.99.2.0 | True
Comodo | - | 20180323 | 28733 | False
F-Prot | - | 20180323 | 4.7.1.166 | False
Ikarus | Trojan-Dropper | 20180323 | 0.1.5.2 | True
McAfee | Artemis!306D8F87ACA6 | 20180323 | 6.0.6.653 | True
Rising | Dropper.Generic!8.35E (TFE:5:ZRSTpJ1sTtM) | 20180323 | 25.0.0.1 | True
Sophos | Mal/FakeMS-U | 20180323 | 4.98.0 | True
Yandex | Trojan.DL.VB!bLOiseq0oSk | 20180323 | 5.5.1.3 | True
Zillya | Downloader.Banload.Win32.62782 | 20180323 | 2.0.0.3519 | True
Arcabit | Trojan.Graftor.D274E3 | 20180323 | 1.0.0.831 | True
Cylance | Unsafe | 20180324 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20180316 | 2.0.5 | True
Tencent | Win32.Trojan-downloader.Vb.Lhdl | 20180324 | 1.0.0.1 | True
ViRobot | - | 20180323 | 2014.3.20.0 | False
eGambit | Unsafe.AI_Score_97% | 20180324 | v4.3.5 | True
Ad-Aware | Gen:Variant.Graftor.160995 | 20180323 | 3.0.3.1010 | True
AegisLab | Troj.W32.Generic!c | 20180323 | 4.2 | True
Emsisoft | Gen:Variant.Graftor.160995 (B) | 20180323 | 4.0.2.899 | True
F-Secure | - | 20180323 | 11.0.19100.45 | False
Fortinet | W32/Banload.VGH!tr | 20180323 | 5.4.247.0 | True
Invincea | heuristic | 20180121 | 6.3.4.26036 | True
Jiangmin | - | 20180323 | 16.0.100 | False
Kingsoft | - | 20180324 | 2013.8.14.323 | False
Paloalto | generic.ml | 20180324 | 1.0 | True
Symantec | Downloader | 20180323 | 1.5.0.0 | True
nProtect | - | 20180323 | 2018-03-23.02 | False
AhnLab-V3 | Downloader/Win32.Generic.C880170 | 20180323 | 3.12.0.20130 | True
Antiy-AVL | Trojan[Downloader]/Win32.VB | 20180323 | 3.0.0.1 | True
Kaspersky | Trojan-Downloader.Win32.VB.blbb | 20180323 | 15.0.1.13 | True
Microsoft | TrojanSpy:Win32/Bancos | 20180323 | 1.1.14600.4 | True
Qihoo-360 | HEUR/QVM41.2.Malware.Gen | 20180324 | 1.0.0.1120 | True
TheHacker | - | 20180319 | 6.8.0.5.2551 | False
ZoneAlarm | Trojan-Downloader.Win32.VB.blbb | 20180323 | 1.0 | True
ESET-NOD32 | a variant of Win32/TrojanDownloader.Banload.VGH | 20180323 | 17107 | True
TrendMicro | TROJ_GEN.R002C0DBG18 | 20180323 | 9.862.0.1074 | True
WhiteArmor | - | 20180223 | - | False
BitDefender | Gen:Variant.Graftor.160995 | 20180323 | 7.2 | True
CrowdStrike | malicious_confidence_100% (W) | 20170201 | 1.0 | True
K7AntiVirus | Trojan-Downloader ( 004b75761 ) | 20180323 | 10.42.26598 | True
SentinelOne | static engine - malicious | 20180225 | 1.0.15.206 | True
Avast-Mobile | - | 20180323 | 180323-04 | False
Malwarebytes | - | 20180323 | 2.1.1.1115 | False
TotalDefense | - | 20180323 | 37.1.62.1 | False
CAT-QuickHeal | TrojanSpy.Bancos | 20180323 | 14.00 | True
NANO-Antivirus | Trojan.Win32.Banload.drvdag | 20180323 | 1.0.100.22043 | True
MicroWorld-eScan | Gen:Variant.Graftor.160995 | 20180323 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180323 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Generic.cc | 20180323 | v2015 | True
TrendMicro-HouseCall | TROJ_GEN.R002C0DBG18 | 20180323 | 9.950.0.1006 | True

total: 66
sha256: 7e9225d408a10d20d875ee04260ce1a638189d2911f28825ebbcc7efb39aa62e
scan_id: 7e9225d408a10d20d875ee04260ce1a638189d2911f28825ebbcc7efb39aa62e-1521847601
resource: 306d8f87aca64252bb87af7d6fa4135a
positives: 50
scan_date: 2018-03-23 23:26:41
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
28/2/2020 - 13:46:39.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:40.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:41.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:41.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:42.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:43.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:44.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:44.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:45.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:46.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:47.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:47.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:48.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:49.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:50.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:50.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:51.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:52.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:53.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:53.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:54.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:55.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:56.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:56.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:57.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:58.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:59.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:46:59.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:0.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:1.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:2.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:2.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:3.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:4.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:5.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:5.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:6.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:7.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:8.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:8.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:9.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:10.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:11.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:11.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:12.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:13.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:14.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:14.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:15.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:16.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:17.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:17.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:18.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:19.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:20.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:20.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:21.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:22.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:23.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:23.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:24.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:25.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:26.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:26.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:27.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:28.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:29.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:29.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:30.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:31.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:32.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:32.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:33.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:34.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:35.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:35.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:36.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:37.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:38.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:38.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:39.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:40.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:41.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:41.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:42.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:43.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:44.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:44.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:45.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:46.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:47.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:47.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:48.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:49.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:50.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:50.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:51.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:52.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:53.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:53.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:54.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:55.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:56.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:56.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:57.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:58.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:59.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:47:59.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:0.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:1.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:2.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:2.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:3.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:4.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:5.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:5.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:6.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:7.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:8.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:8.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:9.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:10.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:11.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:11.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:12.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:13.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:14.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:14.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:15.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:16.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:17.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:17.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:18.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:19.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:20.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:20.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:21.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:22.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:23.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:23.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:24.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:25.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:26.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:26.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:27.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:28.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:29.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:29.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:30.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:31.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:32.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:32.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:33.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:34.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:35.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:35.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:36.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:37.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:38.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:38.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:39.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:40.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:41.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:41.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:42.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:43.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:44.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:44.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:45.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:46.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:47.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:47.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:48.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:49.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:50.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:50.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:51.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:52.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:53.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:53.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:54.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:55.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:56.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:56.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:57.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:58.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:59.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:48:59.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:0.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:1.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:2.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:2.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:3.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:4.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:5.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:5.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:6.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:7.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:8.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:8.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:9.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:10.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:11.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:11.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:12.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:13.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:14.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:14.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:15.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:16.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:17.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:17.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:18.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:19.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:20.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:20.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:21.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:22.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:23.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:23.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:24.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:25.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:26.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:26.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:27.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:28.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:29.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:29.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:30.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:31.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:32.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:32.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:33.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:34.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:35.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:35.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:36.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:37.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:38.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:38.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:39.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:40.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:41.351Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:41.929Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:42.851Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 13:49:43.429Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\

Process
Trace
28/2/2020 - 13:45:44.731  Create  1480  C:\malware.exe  1820  C:\SIN352018\352018.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 78.53%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 77.02%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.39%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.41%
suspicious: True
