Report #7760

  • Creation Date: Feb. 28, 2020, 2:12 p.m.
  • Last Update: Feb. 28, 2020, 3:02 p.m.
  • File: 1952015.exe
  • Results:
Binary
DLL
False
Size
200.00KB
trid
82.7% Win32 Executable Microsoft Visual Basic 6
6.6% Win32 Dynamic Link Library
4.5% Win32 Executable
2.0% OS/2 Executable
2.0% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
169c2ea71c2c9cada38c222a2706c062
sha1
c7f0618cdfc42dace6d9e35db43f452780f537df
crc32
0xc93d4c6e
sha224
98a5af7a52677d0c89943615f3eee01c6f4fae1ec550c85dd5554530
sha256
cef45b6782e6c47977d34a1ce446ed56182c680b235e43eaab448818b431d0e5
sha384
8f12191e26e6a098a7f07b82a21ffcd791781b1dd20b123cc1773c8f1b8b3a4819a35eb3f5841a13a12b28ef152b52bd
sha512
a57d6dcfc211b53d52b07296a08537fe85f8b915a5fc6101e114bbdcd93d2f0d0b25dff74faf2fa3800b41d5fedc988d52a3a766e9f12637a29e309fb9ac4057
ssdeep
3072:MgasiLV5DYPaBzl/+lx1kAWs9Ts+l2LV5DYPaBzl6asYeTs0Q2Dui0DY7:Mgasi4ElrB4El6asYeVQ2Z0DY7
Community
Google
False
HashLib
False
YARA
Matches
Microsoft_Visual_Basic_v50_additional, domain, SEH__vba, Browsers, HasRichSignature, contentis_base64, ProtectSharewareV11eCompservCMS, IsPE32, Microsoft_Visual_Basic_v50, Microsoft_Visual_Basic_v50_v60, Microsoft_Visual_Basic_v50v60_additional, Microsoft_Visual_Basic_v50v60, Big_Numbers4, IsWindowsGUI, Big_Numbers1, IsPacked

Suspicious
True

Strings
List

Foremost
Matches
310.zip (42 KB), 0.exe (200 KB), 28.png (31 KB), 232.png (31 KB)
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: MSVBVM60.DLL, Wininet.dll, VBA6.DLL
hasFiles: True
Suspicious: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 106496
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 4096
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 240566
Suspicious: False

Sections
Allowed: .text, .data, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: False
Suspicious: 4
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 6016
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: msvbvm60.dll, wininet.dll
hasLibs: True
Suspicious: vba6.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2015-05-18 17:58:47
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual Basic v5.0, Microsoft Visual Basic v5.0 - v6.0

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 45
.text: 20

nopsequence
.text: 24

pushpopmath
.rsrc: 17
.text: 7

ss register
.rsrc: 2
.text: 1

garbagebytes
.rsrc: 20
.text: 10

software breakpoint
.rsrc: 1
.text: 1

fakeconditionaljumps
.rsrc: 1

programcontrolflowchange
.rsrc: 19
.text: 10

cpuinstructionsresultscomparison
.rsrc: 8
.text: 9

AVclass
banload
1
VirusTotal
md5
169c2ea71c2c9cada38c222a2706c062
sha1
c7f0618cdfc42dace6d9e35db43f452780f537df
SCANS (DETECTION RATE = 69.70%)
AVG
result: HTML:Malware-gen
update: 20180417
version: 18.3.3860.0
detected: True

CMC
update: 20180417
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=83)
update: 20180417
version: 2017.11.15.1
detected: True

Bkav
update: 20180410
version: 1.3.0.9466
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20180417
version: 10.45.26847
detected: True

ALYac
result: Gen:Variant.Graftor.160995
update: 20180417
version: 1.1.1.5
detected: True

Avast
result: HTML:Malware-gen
update: 20180417
version: 18.3.3860.0
detected: True

Avira
result: TR/Dropper.Gen
update: 20180417
version: 8.3.3.6
detected: True

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9945
update: 20180417
version: 1.0.0.2
detected: True

Cyren
result: W32/Trojan.LXUB-3557
update: 20180417
version: 5.4.30.7
detected: True

DrWeb
result: Trojan.PWS.Banker1.16840
update: 20180417
version: 7.0.28.2020
detected: True

GData
result: Gen:Variant.Graftor.160995
update: 20180417
version: A:25.16763B:25.12052
detected: True

Panda
result: Trj/Genetic.gen
update: 20180417
version: 4.6.4.2
detected: True

VBA32
result: TrojanDownloader.VB
update: 20180414
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180417
version: 66052
detected: True

Zoner
update: 20180416
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180417
version: 1.5.0.42
detected: True

ClamAV
result: Win.Trojan.Banload-2115
update: 20180417
version: 0.99.2.0
detected: True

Comodo
update: 20180417
version: 28876
detected: False

F-Prot
update: 20180417
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.JS.Banker
update: 20180417
version: 0.1.5.2
detected: True

McAfee
result: Artemis!169C2EA71C2C
update: 20180417
version: 6.0.6.653
detected: True

Rising
result: Dropper.Generic!8.35E (TFE:5:Kq7KRjQnFEO)
update: 20180417
version: 25.0.0.1
detected: True

Sophos
result: Mal/FakeMS-U
update: 20180417
version: 4.98.0
detected: True

Yandex
result: Trojan.DL.VB!pIWvixNW4tU
update: 20180417
version: 5.5.1.3
detected: True

Zillya
update: 20180417
version: 2.0.0.3537
detected: False

Arcabit
result: Trojan.Graftor.D274E3
update: 20180417
version: 1.0.0.831
detected: True

Endgame
result: malicious (high confidence)
update: 20180403
version: 2.1.0
detected: True

Tencent
result: Win32.Trojan-downloader.Vb.Dyqu
update: 20180417
version: 1.0.0.1
detected: True

ViRobot
update: 20180417
version: 2014.3.20.0
detected: False

Webroot
update: 20180417
version: 1.0.0.403
detected: False

eGambit
update: 20180417
version: v4.3.5
detected: False

Ad-Aware
result: Gen:Variant.Graftor.160995
update: 20180417
version: 3.0.5.370
detected: True

AegisLab
result: Troj.W32.Generic!c
update: 20180417
version: 4.2
detected: True

Emsisoft
result: Gen:Variant.Graftor.160995 (B)
update: 20180417
version: 4.0.2.899
detected: True

F-Secure
result: Gen:Variant.Graftor.160995
update: 20180417
version: 11.0.19100.45
detected: True

Fortinet
result: W32/Banload.VVJ!tr
update: 20180417
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
update: 20180417
version: 16.0.100
detected: False

Kingsoft
update: 20180417
version: 2013.8.14.323
detected: False

Paloalto
update: 20180417
version: 1.0
detected: False

Symantec
result: Trojan.Gen.2
update: 20180417
version: 1.5.0.0
detected: True

nProtect
update: 20180417
version: 2018-04-17.02
detected: False

AhnLab-V3
result: Downloader/Win32.Generic.C880170
update: 20180417
version: 3.12.0.20656
detected: True

Antiy-AVL
result: Trojan[Downloader]/Win32.VB
update: 20180417
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan-Downloader.Win32.VB.blbf
update: 20180417
version: 15.0.1.13
detected: True

Microsoft
result: TrojanSpy:Win32/BrobanMos.A
update: 20180417
version: 1.1.14700.5
detected: True

Qihoo-360
result: HEUR/QVM41.2.Malware.Gen
update: 20180417
version: 1.0.0.1120
detected: True

TheHacker
update: 20180415
version: 6.8.0.5.2674
detected: False

ZoneAlarm
result: Trojan-Downloader.Win32.VB.blbf
update: 20180417
version: 1.0
detected: True

ESET-NOD32
result: a variant of Win32/TrojanDownloader.Banload.VVJ
update: 20180417
version: 17237
detected: True

TrendMicro
result: TROJ_GEN.R002C0DBF18
update: 20180417
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180408
detected: False

BitDefender
result: Gen:Variant.Graftor.160995
update: 20180417
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_100% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20180417
version: 10.45.26848
detected: True

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False

Avast-Mobile
update: 20180417
version: 180417-06
detected: False

Malwarebytes
update: 20180417
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180417
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojanspy.Brobanmos
update: 20180417
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Banker1.drwgdq
update: 20180417
version: 1.0.102.22527
detected: True

MicroWorld-eScan
result: Gen:Variant.Graftor.160995
update: 20180417
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180417
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Trojan.dc
update: 20180417
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DBF18
update: 20180417
version: 9.950.0.1006
detected: True

total
66
sha256
cef45b6782e6c47977d34a1ce446ed56182c680b235e43eaab448818b431d0e5
scan_id
cef45b6782e6c47977d34a1ce446ed56182c680b235e43eaab448818b431d0e5-1523980488
resource
169c2ea71c2c9cada38c222a2706c062
positives
46
scan_date
2018-04-17 15:54:48
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
28/2/2020 - 14:45:45.278Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\nlaapi.dll
28/2/2020 - 14:45:45.278Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\nlaapi.dll
28/2/2020 - 14:45:45.325Open1820C:\SIN352018\352018.exeC:\SIN352018\dhcpcsvc6.DLL
28/2/2020 - 14:45:45.325Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
28/2/2020 - 14:45:45.325Unknown1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
28/2/2020 - 14:45:45.325Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
28/2/2020 - 14:45:45.325Unknown1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
28/2/2020 - 14:45:45.372Open1820C:\SIN352018\352018.exeC:\SIN352018\dhcpcsvc.DLL
28/2/2020 - 14:45:45.372Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\dhcpcsvc.dll
28/2/2020 - 14:45:45.372Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\dhcpcsvc.dll
28/2/2020 - 14:45:45.372Open1820C:\SIN352018\352018.exeC:\SIN352018\RpcRtRemote.dll
28/2/2020 - 14:45:45.372Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\RpcRtRemote.dll
28/2/2020 - 14:45:45.372Unknown1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
28/2/2020 - 14:45:45.372Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\RpcRtRemote.dll
28/2/2020 - 14:45:45.372Unknown1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
28/2/2020 - 14:45:45.450Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
28/2/2020 - 14:45:45.450Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
28/2/2020 - 14:45:45.497Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\npmproxy.dll
28/2/2020 - 14:45:45.497Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\npmproxy.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wininet.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\SIN352018\352018.exe.Local
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 14:45:45.590Unknown1820C:\SIN352018\352018.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\WindowsShell.Manifest
28/2/2020 - 14:45:45.590Unknown1820C:\SIN352018\352018.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\ws2_32.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\ws2_32.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wship6.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wship6.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wship6.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 14:45:45.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 14:45:45.606Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 14:45:45.606Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 14:45:45.606Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wshqos.dll
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\SIN352018\credssp.dll
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\credssp.dll
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\credssp.dll
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\schannel.dll
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\schannel.dll
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 14:45:45.903Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 14:45:45.903Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 14:45:45.903Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 14:45:45.903Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 14:45:46.450Open1820C:\SIN352018\352018.exeC:\SIN352018\ncrypt.dll
28/2/2020 - 14:45:46.450Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 14:45:46.450Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 14:45:46.450Open1820C:\SIN352018\352018.exeC:\SIN352018\bcrypt.dll
28/2/2020 - 14:45:46.450Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 14:45:46.450Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 14:45:46.450Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\bcryptprimitives.dll
28/2/2020 - 14:45:46.450Unknown1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
28/2/2020 - 14:45:46.450Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\bcryptprimitives.dll
28/2/2020 - 14:45:46.450Unknown1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
28/2/2020 - 14:45:46.465Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 14:45:46.465Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 14:45:46.465Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 14:45:46.465Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 14:45:46.465Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 14:45:46.465Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 14:45:46.481Open1820C:\SIN352018\352018.exeC:\SIN352018\GPAPI.dll
28/2/2020 - 14:45:46.481Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\gpapi.dll
28/2/2020 - 14:45:46.481Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\gpapi.dll
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 14:45:46.575Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 14:45:46.575Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 14:45:46.575Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\p2pcollab.dll
28/2/2020 - 14:45:46.575Unknown1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\p2pcollab.dll
28/2/2020 - 14:45:46.575Unknown1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\qagentrt.dll
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 14:45:46.575Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\SIN352018\cryptnet.dll
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\cryptnet.dll
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\cryptnet.dll
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_082D815283257D528E2562294FA2BA49
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\SIN352018\SensApi.dll
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\SensApi.dll
28/2/2020 - 14:45:46.590Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\SensApi.dll
28/2/2020 - 14:45:46.653Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.653Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.653Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.653Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.653Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.653Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.653Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wininet.dll
28/2/2020 - 14:45:46.653Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\wininet.dll
28/2/2020 - 14:45:46.731Open1820C:\SIN352018\352018.exeC:\SIN352018\WINHTTP.dll
28/2/2020 - 14:45:46.731Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\winhttp.dll
28/2/2020 - 14:45:46.731Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\winhttp.dll
28/2/2020 - 14:45:46.731Open1820C:\SIN352018\352018.exeC:\SIN352018\webio.dll
28/2/2020 - 14:45:46.731Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\webio.dll
28/2/2020 - 14:45:46.731Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\webio.dll
28/2/2020 - 14:45:46.731Open1820C:\SIN352018\352018.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
28/2/2020 - 14:45:46.825Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.825Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.825Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.825Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.825Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.965Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.965Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.965Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.965Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.965Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.965Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.965Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.965Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.965Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.965Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 14:45:46.965Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 14:45:46.965Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 14:45:46.965Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Read1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Read1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Read1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_1EA36F1302739BAE9A1F90B0B69ECF7D
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:46.981Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1694560B0C737E58D6701D2EF2176C07
28/2/2020 - 14:45:47.12Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.12Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.12Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.12Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.12Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.12Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.153Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.153Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.153Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.153Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.153Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.325Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.325Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.325Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.325Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.325Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.325Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.325Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.325Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 14:45:47.325Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 14:45:47.325Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 14:45:47.325Unknown1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
28/2/2020 - 14:45:47.325Open1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8EAF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8EAF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8EAF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325Write1820C:\SIN352018\352018.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8EAF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Write | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Write | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Write | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Write | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Open | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.325 | Open | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow
28/2/2020 - 14:45:47.325 | Open | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.325 | Open | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
28/2/2020 - 14:45:47.325 | Open | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Read | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Read | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Read | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Write | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Write | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.325 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E | AF3BA1CDD96BBC740C9CE3754F348BED_0E8B63031F38A96E2878B92EECD50B8E
28/2/2020 - 14:45:47.372 | Open | 1820 | C:\SIN352018\352018.exe | C:\Program Files (x86)\Mozilla Firefox
28/2/2020 - 14:45:47.372 | Open | 1820 | C:\SIN352018\352018.exe | C:\Program Files (x86)\Mozilla Firefox
28/2/2020 - 14:45:47.372 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
28/2/2020 - 14:45:47.372 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
28/2/2020 - 14:45:47.372 | Open | 1820 | C:\SIN352018\352018.exe | C:\
28/2/2020 - 14:45:47.372 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\
28/2/2020 - 14:45:47.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\aspirina.xpi
28/2/2020 - 14:45:47.387 | Write | 1820 | C:\SIN352018\352018.exe | C:\aspirina.xpi
28/2/2020 - 14:45:47.387 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\aspirina.xpi
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ole32.dll
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\tzres.dll
28/2/2020 - 14:45:47.434 | Unknown | 1480 | C:\malware.exe | C:\
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Mozilla Firefox
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Program Files (x86)\Mozilla Firefox
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\ -new-window.exe
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Monitor\ -new-window.exe
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ -new-window.exe
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\system\ -new-window.exe
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\ -new-window.exe
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ -new-window.exe
28/2/2020 - 14:45:47.434 | Open | 1480 | C:\malware.exe | C:\Windows\ -new-window.exe
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wbem\ -new-window.exe
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ -new-window.exe
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Monitor\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\system\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\Wbem\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:47.450 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\tzres.dll
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\tzres.dll
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\tzres.dll
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\tzres.dll
28/2/2020 - 14:45:48.387 | Unknown | 1820 | C:\SIN352018\352018.exe | C:\
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\SIN352018\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Monitor\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\system\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\wbem\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ -new-window.exe
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\SIN352018\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Monitor\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\system\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\Wbem\ -new-window "file:\aspirina.xpi"
28/2/2020 - 14:45:48.387 | Open | 1820 | C:\SIN352018\352018.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ -new-window "file:\aspirina.xpi"

Process
Trace
28/2/2020 - 14:45:44.793 | Create | 1480 | C:\malware.exe | 1820 | C:\SIN352018\352018.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
28/2/2020 - 14:45:44.997 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
28/2/2020 - 14:45:44.997 | Delete | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
28/2/2020 - 14:45:44.997 | Delete | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
28/2/2020 - 14:45:44.997 | Delete | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
28/2/2020 - 14:45:44.997 | Delete | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
28/2/2020 - 14:45:44.997 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
28/2/2020 - 14:45:45.43 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
28/2/2020 - 14:45:45.43 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
28/2/2020 - 14:45:45.43 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
28/2/2020 - 14:45:45.184 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
28/2/2020 - 14:45:45.184 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
28/2/2020 - 14:45:45.184 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
28/2/2020 - 14:45:45.184 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
28/2/2020 - 14:45:45.184 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
28/2/2020 - 14:45:45.184 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
28/2/2020 - 14:45:45.184 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
28/2/2020 - 14:45:45.184 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
28/2/2020 - 14:45:45.497 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 14:45:45.497 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 14:45:45.497 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 14:45:45.497 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
28/2/2020 - 14:45:46.575 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 14:45:46.575 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 14:45:46.575 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 14:45:46.575 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 14:45:46.575 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
28/2/2020 - 14:45:46.887 | Delete | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 14:45:46.887 | Delete | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 14:45:46.887 | Write | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 14:45:46.887 | Delete | 1820 | C:\SIN352018\352018.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS | ssl-proxy.my-addr.org.
localhost -> gateway:DNS | status.rapidssl.com.
localhost -> gateway:50273 | ssl-proxy.my-addr.org.

Response
gateway:DNS -> localhost | ssl-proxy.my-addr.org. | 194.247.60.2
gateway:DNS -> localhost | status.rapidssl.com. | 192.16.58.8

TCP
Info
192.16.58.8:80 -> localhost:65192
localhost:65192 -> 192.16.58.8:80
192.16.58.8:80 -> localhost:65193
localhost:65193 -> 192.16.58.8:80
localhost:65191 -> 194.247.60.2:443
194.247.60.2:443 -> localhost:65191

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:68 -> 255.255.255.255:67
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:53 -> localhost:50273

HTTP
Info
localhost | GET | status.rapidssl.com | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRhhZrQET0hvbSHUJmNfBKqR%2FiT7wQUU8oXWfxrwAMhLxqu5KqoHIJW2nUCEA3ZmV47KDIs25sqR%2FQrX1o%3D
localhost | GET | ocsp.digicert.com | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAilokbNS1yMg9cCtLurU0k%3D

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 78.49%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 73.00%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 66.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 88.36%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 95.43%
suspicious: True
