Report #7945

Binary
DLL: False
Size: 1.04MB
trid: 72.3% Win64 Executable, 11.8% Win32 Executable, 5.3% OS/2 Executable, 5.2% Generic Win/DOS Executable, 5.2% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI

Hashes
md5: 6438ad4bb5a69bf7b1f0259c73163021
sha1: 35de3d49a02e5bd44056a12d00c7987d44a5fdfe
crc32: 0xa38ad2b3
sha224: a5e52eba2f7147c6b8a91b09db029614b9aeb4529caaefad00d9a703
sha256: 5e93cf2eed16e0a785a03ad591f3a02cf2ed88a395d7511da9e182147e51a41b
sha384: 839e25cbad5b1b8df98195e9d0f4844389220bfa0cbc87de0c4ded97aef42dfd29a27bf444d97aa23c84dd140115ffe9
sha512: 21bf33df97140510d3b58b6b62042e02bc18f3b8161495f8a281b9f8ed460f40e11b105698b2d66d3c888d6730f7fde4d85cfea15b300947d27487aca5938965
ssdeep: 12288:Ntb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgawTRiei3uGGkjqaaMOim:Ntb20pkaCqT5TBWgNQ7aIRiOO9ox6A

Community
Google: False
HashLib: False

YARA
Matches: domain, HasDebugData, CRC32_poly_Constant, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, CRC32_table, network_http, win_files_operation, IsPE32, AutoIT_compiled_script, screenshot, IP, contentis_base64, keylogger, win_token, AutoIt, IsWindowsGUI, inject_thread, anti_dbg, Microsoft_Visual_Cpp_8, win_registry
Suspicious: True

Strings

Foremost
Matches: 0.exe, 1 MB
Suspicious: True

Heuristics

IPs
hasIPs: True
Allowed: 255.255.255.255 (1 record)
Suspicious: none
hasAllowed: True
hasSuspicious: False

URLs
hasURLs: False
Allowed: none
Suspicious: none
hasAllowed: False
hasSuspicious: False

Files
hasFiles: True
Allowed: USER32.DLL, kernel32.dll, mscoree.dll, combase.dll, ADVAPI32.dll, OLEAUT32.dll, VERSION.dll, UxTheme.dll, SHELL32.dll, PSAPI.DLL, COMCTL32.dll, ole32.dll, IPHLPAPI.DLL, WININET.dll, WSOCK32.dll, USERENV.dll, WINMM.dll, GDI32.dll, COMDLG32.dll, MPR.dll
Suspicious: none
hasAllowed: True
hasSuspicious: False

Binary

Sizes
RVA: 16 (Suspicious: False)
Code size: 518144 (Suspicious: False)
Image address: 4194304 (Suspicious: False)
Stack: 4096 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories: 16 (Suspicious: False)

Checksum
Value: 1022280
Suspicious: False

Sections
hasSections: True
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious: none
hasAllowed: True
hasSuspicious: False

Versions
OS version: 5 (Suspicious: False)
Image version: 5 (Suspicious: True)
Linker version: 11.0 (Suspicious: False)
Subsystem version: 5.1 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 155508
Suspicious: False

Anomalies
hasAnomalies: True
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match; the header checksum and the calculated checksum do not match.

Libraries
hasLibs: True
Allowed: user32.dll, kernel32.dll, mscoree.dll, combase.dll, advapi32.dll, oleaut32.dll, version.dll, uxtheme.dll, shell32.dll, psapi.dll, comctl32.dll, ole32.dll, wininet.dll, wsock32.dll, userenv.dll, winmm.dll, gdi32.dll, comdlg32.dll, mpr.dll
Suspicious: iphlpapi.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Value: 2015-07-29 22:44:42
Valid: True
Past: False
Future: False

Compilation
Packed: False
Missing: False
Packers: none
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: True
PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks (occurrences per section):
pushret: .data 1, .rsrc 125, .text 2, .rdata 10
nopsequence: .text 1
pushpopmath: .rsrc 56, .text 30, .rdata 6, .reloc 17
ss register: .rsrc 1
garbagebytes: .data 1, .rsrc 56, .text 2, .rdata 5
hookdetection: .rsrc 8, .rdata 3, .reloc 4
stealthimport: .text 1
software breakpoint: .rsrc 3, .text 4, .rdata 1, .reloc 5
fakeconditionaljumps: .rsrc 7
programcontrolflowchange: .data 1, .rsrc 49, .text 2, .rdata 5
cpuinstructionsresultscomparison: .rsrc 7, .rdata 8
AVclass
autoit: 1

VirusTotal
md5: 6438ad4bb5a69bf7b1f0259c73163021
sha1: 35de3d49a02e5bd44056a12d00c7987d44a5fdfe
SCANS (DETECTION RATE = 62.50%)
AVG: detected, result Autoit.GG, update 20151025, version 16.0.0.4450
CMC: not detected, update 20151026, version 1.1.0.977
Bkav: detected, result W32.HfsAtSTIL.497C, update 20151025, version 1.3.0.7383
K7GW: detected, result Trojan ( 004c84c41 ), update 20151026, version 9.212.17644
ALYac: not detected, update 20151026, version 1.0.1.4
Avast: detected, result Win32:Malware-gen, update 20151026, version 8.0.1489.320
Avira: detected, result DR/Autoit.A.11423, update 20151025, version 8.3.2.2
Cyren: not detected, update 20151026, version 5.4.16.7
DrWeb: detected, result Trojan.DownLoader11.33788, update 20151026, version 7.0.16.10090
GData: detected, result AIT:Trojan.Autoit.CKU, update 20151026, version 25
Panda: detected, result Trj/CI.A, update 20151025, version 4.6.4.2
VBA32: detected, result Trojan.Autoit, update 20151023, version 3.12.26.4
VIPRE: detected, result Trojan.Win32.Generic!BT, update 20151026, version 44820
Zoner: not detected, update 20151026, version 1.0
AVware: detected, result Trojan.Win32.Generic!BT, update 20151026, version 1.5.0.21
ClamAV: not detected, update 20151026, version 0.98.5.0
Comodo: not detected, update 20151026, version 23475
F-Prot: not detected, update 20151026, version 4.7.1.166
Ikarus: detected, result Trojan.Win32.Injector, update 20151026, version T3.1.9.5.0
McAfee: detected, result Artemis!6438AD4BB5A6, update 20151026, version 6.0.6.653
Rising: not detected, update 20151025, version 25.0.0.17
Sophos: not detected, update 20151029, version 4.98.0
Zillya: not detected, update 20151025, version 2.0.0.2472
Agnitum: not detected, update 20151025, version 5.5.1.3
Alibaba: not detected, update 20151026, version 1.0
Arcabit: detected, result AIT:Trojan.Autoit.CKU, update 20151026, version 1.0.0.585
Tencent: detected, result Win32.Trojan.Autoit.Wmiy, update 20151026, version 1.0.0.1
ViRobot: not detected, update 20151026, version 2014.3.20.0
Ad-Aware: detected, result AIT:Trojan.Autoit.CKU, update 20151026, version 12.0.163.0
AegisLab: not detected, update 20151025, version 1.5
ByteHero: not detected, update 20151026, version 1.0.0.1
Emsisoft: detected, result AIT:Trojan.Autoit.CKU (B), update 20151026, version 3.5.0.642
F-Secure: detected, result AIT:Trojan.Autoit.CKU, update 20151023, version 11.0.19100.45
Fortinet: detected, result W32/Autoit.BPN!tr, update 20151026, version 5.1.220.0
Jiangmin: not detected, update 20151025, version 16.0.100
Symantec: detected, result Trojan.Gen.X, update 20151025, version 20141.2.0.56
nProtect: detected, result Trojan-Dropper/W32.FrauDrop.1090048, update 20151023, version 2015-10-23.01
AhnLab-V3: detected, result Trojan/Win32.Agent, update 20151026, version 2015.10.26.04
Antiy-AVL: not detected, update 20151026, version 1.0.0.1
Kaspersky: detected, result Trojan.Win32.Autoit.esi, update 20151026, version 15.0.1.10
Microsoft: detected, result Trojan:Win32/Skeeyah.A!rfn, update 20151026, version 1.1.12205.0
Qihoo-360: detected, result HEUR/QVM10.1.Malware.Gen, update 20151026, version 1.0.0.1015
TheHacker: not detected, update 20151026, version 6.8.0.5.708
ESET-NOD32: detected, result a variant of Win32/Injector.Autoit.BPN, update 20151026, version 12464
TrendMicro: detected, result TROJ_GEN.R03AC0DH415, update 20151026, version 9.740.0.1012
BitDefender: detected, result AIT:Trojan.Autoit.CKU, update 20151026, version 7.2
K7AntiVirus: detected, result Trojan ( 004c84c41 ), update 20151026, version 9.212.17643
Malwarebytes: detected, result Trojan.PasswordStealer.AI, update 20151026, version 2.1.1.1115
TotalDefense: not detected, update 20151025, version 37.1.62.1
CAT-QuickHeal: detected, result Trojan.Skeeyah.g5, update 20151026, version 14.00
NANO-Antivirus: detected, result Trojan.Win32.DownLoader11.durrag, update 20151026, version 0.30.26.3947
MicroWorld-eScan: detected, result AIT:Trojan.Autoit.CKU, update 20151026, version 12.0.250.0
SUPERAntiSpyware: not detected, update 20151025, version 5.6.0.1032
McAfee-GW-Edition: detected, result BehavesLike.Win32.Generic.th, update 20151026, version v2015
Baidu-International: detected, result Trojan.Win32.Autoit.esi, update 20151025, version 3.5.1.41473
TrendMicro-HouseCall: not detected, update 20151026, version 9.800.0.1009

total: 56
positives: 35
sha256: 5e93cf2eed16e0a785a03ad591f3a02cf2ed88a395d7511da9e182147e51a41b
scan_id: 5e93cf2eed16e0a785a03ad591f3a02cf2ed88a395d7511da9e182147e51a41b-1445752258
resource: 6438ad4bb5a69bf7b1f0259c73163021
scan_date: 2015-10-25 05:50:58
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
29/2/2020 - 4:47:15.778Open2336C:\malware.exeC:\Windows\SysWOW64\wship6.dll
29/2/2020 - 4:47:15.825Open2336C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
29/2/2020 - 4:47:15.825Open2336C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
29/2/2020 - 4:47:15.825Open2336C:\malware.exeC:\Windows\SysWOW64\netprofm.dll
29/2/2020 - 4:47:15.825Open2336C:\malware.exeC:\Windows\SysWOW64\netprofm.dll
29/2/2020 - 4:47:15.825Open2336C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
29/2/2020 - 4:47:15.825Open2336C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
29/2/2020 - 4:47:15.872Open2336C:\malware.exeC:\dhcpcsvc6.DLL
29/2/2020 - 4:47:15.872Open2336C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
29/2/2020 - 4:47:15.872Unknown2336C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
29/2/2020 - 4:47:15.872Open2336C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
29/2/2020 - 4:47:15.872Unknown2336C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
29/2/2020 - 4:47:15.918Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\dhcpcsvc.DLL
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\CRYPTSP.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.918Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.934Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.934Open2336C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
29/2/2020 - 4:47:15.934Open2336C:\malware.exeC:\RpcRtRemote.dll
29/2/2020 - 4:47:15.934Open2336C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
29/2/2020 - 4:47:15.934Unknown2336C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
29/2/2020 - 4:47:15.934Open2336C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
29/2/2020 - 4:47:15.934Unknown2336C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
29/2/2020 - 4:47:15.997Open2336C:\malware.exeC:\rasadhlp.dll
29/2/2020 - 4:47:15.997Open2336C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
29/2/2020 - 4:47:15.997Open2336C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
29/2/2020 - 4:47:16.90Open2336C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
29/2/2020 - 4:47:16.90Open2336C:\malware.exeC:\Windows\SysWOW64\npmproxy.dll
29/2/2020 - 4:47:16.325Unknown1480C:\malware.exeC:\Windows
29/2/2020 - 4:47:16.325Unknown1480C:\malware.exeC:\Monitor
29/2/2020 - 4:47:16.325Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:16.700Open2336C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
29/2/2020 - 4:47:16.700Open2336C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wininet.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\malware.exe.Local
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:16.731Unknown2336C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
29/2/2020 - 4:47:16.731Unknown2336C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
29/2/2020 - 4:47:16.731Unknown2336C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\WindowsShell.Manifest
29/2/2020 - 4:47:16.731Unknown2336C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wship6.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wship6.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wship6.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
29/2/2020 - 4:47:16.731Open2336C:\malware.exeC:\Windows\SysWOW64\wshqos.dll
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\credssp.dll
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\Windows\SysWOW64\credssp.dll
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\Windows\SysWOW64\credssp.dll
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\Windows\SysWOW64\schannel.dll
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\Windows\SysWOW64\schannel.dll
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 4:47:16.981Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 4:47:16.981Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 4:47:16.981Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 4:47:16.981Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 4:47:17.168Open2336C:\malware.exeC:\Windows\SysWOW64\wininet.dll
29/2/2020 - 4:47:17.168Open2336C:\malware.exeC:\Windows\SysWOW64\wininet.dll
29/2/2020 - 4:47:17.575Open2336C:\malware.exeC:\ncrypt.dll
29/2/2020 - 4:47:17.575Open2336C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
29/2/2020 - 4:47:17.575Open2336C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
29/2/2020 - 4:47:17.575Open2336C:\malware.exeC:\bcrypt.dll
29/2/2020 - 4:47:17.575Open2336C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
29/2/2020 - 4:47:17.575Open2336C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
29/2/2020 - 4:47:17.575Open2336C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
29/2/2020 - 4:47:17.575Unknown2336C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
29/2/2020 - 4:47:17.575Open2336C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
29/2/2020 - 4:47:17.575Unknown2336C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
29/2/2020 - 4:47:17.590Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 4:47:17.590Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 4:47:17.590Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 4:47:17.590Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 4:47:17.590Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 4:47:17.590Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 4:47:17.590Open2336C:\malware.exeC:\GPAPI.dll
29/2/2020 - 4:47:17.606Open2336C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
29/2/2020 - 4:47:17.606Open2336C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 4:47:17.715Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 4:47:17.715Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 4:47:17.715Unknown2336C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
29/2/2020 - 4:47:17.715Unknown2336C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
29/2/2020 - 4:47:17.715Unknown2336C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Windows\SysWOW64\qagentrt.dll
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
29/2/2020 - 4:47:17.715Open2336C:\malware.exeC:\cryptnet.dll
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
29/2/2020 - 4:47:17.731Read2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5ABEDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
29/2/2020 - 4:47:17.731Read2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5ABEDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
29/2/2020 - 4:47:17.731Read2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5ABEDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
29/2/2020 - 4:47:17.731Read2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5ABEDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_DF9DFCF4E344CEB314F4EEFCE256C452
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BEC6224B02D155A396218A2504F3EE0B
29/2/2020 - 4:47:17.731Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.747Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.747Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.747Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.747Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\739F2FF4259CDC6CBE7B90F1A95601EF
29/2/2020 - 4:47:17.747Open2336C:\malware.exeC:\SensApi.dll
29/2/2020 - 4:47:17.747Open2336C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
29/2/2020 - 4:47:17.747Open2336C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
29/2/2020 - 4:47:17.793Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.793Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.793Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.793Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.793Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:17.793Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:17.840Open2336C:\malware.exeC:\WINHTTP.dll
29/2/2020 - 4:47:17.840Open2336C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
29/2/2020 - 4:47:17.840Open2336C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
29/2/2020 - 4:47:17.840Open2336C:\malware.exeC:\webio.dll
29/2/2020 - 4:47:17.840Open2336C:\malware.exeC:\Windows\SysWOW64\webio.dll
29/2/2020 - 4:47:17.840Open2336C:\malware.exeC:\Windows\SysWOW64\webio.dll
29/2/2020 - 4:47:17.840Open2336C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
29/2/2020 - 4:47:17.934Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.934Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.934Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.934Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:17.934Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.153Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:18.153Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:18.153Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:18.153Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:18.153Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:18.153Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:18.153Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:18.153Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:18.153Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 4:47:18.200Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 4:47:18.200Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 4:47:18.200Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
29/2/2020 - 4:47:18.200Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.200Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.215Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:18.215Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:18.215Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:18.215Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow
29/2/2020 - 4:47:18.215Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:18.215Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:18.215Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:18.215Unknown2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
29/2/2020 - 4:47:18.215Open2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.215Read2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.215Read2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.215Read2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.215Write2336C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
Timestamp | Operation | PID | Process | Path
29/2/2020 - 4:47:18.215 | Write | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.215 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.215 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.215 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E61067BE03240A31BB58795E03AACACC
29/2/2020 - 4:47:18.309 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:18.309 | Write | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:18.309 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:18.309 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:18.309 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:18.309 | Open | 2336 | C:\malware.exe | C:\Monitor
29/2/2020 - 4:47:18.309 | Unknown | 2336 | C:\malware.exe | C:\Monitor
29/2/2020 - 4:47:18.309 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
29/2/2020 - 4:47:18.309 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
29/2/2020 - 4:47:18.356 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:18.356 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:18.356 | Open | 2336 | C:\malware.exe | C:\PROPSYS.dll
29/2/2020 - 4:47:18.356 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
29/2/2020 - 4:47:18.356 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
29/2/2020 - 4:47:18.356 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
29/2/2020 - 4:47:18.356 | Open | 2336 | C:\malware.exe | C:\malware.exe.Local
29/2/2020 - 4:47:18.356 | Open | 2336 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:18.356 | Unknown | 2336 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:18.356 | Open | 2336 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
29/2/2020 - 4:47:18.372 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
29/2/2020 - 4:47:18.372 | Open | 2336 | C:\malware.exe | C:\Windows\System32\propsys.dll
29/2/2020 - 4:47:18.387 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
29/2/2020 - 4:47:18.387 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
29/2/2020 - 4:47:18.387 | Open | 2336 | C:\malware.exe | C:\Windows\System32\propsys.dll
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\desktop.ini
29/2/2020 - 4:47:18.497 | Read | 2336 | C:\malware.exe | C:\Users\desktop.ini
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini
29/2/2020 - 4:47:18.497 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini
29/2/2020 - 4:47:18.497 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini
29/2/2020 - 4:47:18.497 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini
29/2/2020 - 4:47:18.497 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini
29/2/2020 - 4:47:18.497 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini
29/2/2020 - 4:47:18.497 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini
29/2/2020 - 4:47:18.497 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.497 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini
29/2/2020 - 4:47:18.512 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini
29/2/2020 - 4:47:18.512 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini
29/2/2020 - 4:47:18.512 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\apphelp.dll
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\AppPatch\sysmain.sdb
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Windows\SysWOW64
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Windows
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Windows\SysWOW64
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64
29/2/2020 - 4:47:18.512 | Unknown | 2336 | C:\malware.exe | C:\Windows\SysWOW64
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.512 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.715 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.715 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.715 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.715 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.715 | Read | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.715 | Read | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.762 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.762 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.762 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
29/2/2020 - 4:47:18.918 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
29/2/2020 - 4:47:18.918 | Open | 2336 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
29/2/2020 - 4:47:18.918 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.918 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:18.918 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:18.918 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe:Zone.Identifier
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Monitor
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Monitor
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Read | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\HexEN.exe
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Open | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local
29/2/2020 - 4:47:19.12 | Unknown | 2336 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:19.59 | Unknown | 2336 | C:\malware.exe | C:\Windows
29/2/2020 - 4:47:19.59 | Unknown | 2336 | C:\malware.exe | C:\Monitor
29/2/2020 - 4:47:19.59 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
29/2/2020 - 4:47:19.59 | Unknown | 2336 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
29/2/2020 - 4:47:19.59 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
29/2/2020 - 4:47:19.59 | Unknown | 2336 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
29/2/2020 - 4:47:19.59 | Unknown | 2336 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui

Process
Trace
Timestamp | Operation | PID | Process | Target PID | Target Process
29/2/2020 - 4:46:11.372 | Create | 1480 | C:\malware.exe | 2336 | C:\malware.exe
29/2/2020 - 4:47:19.59 | Terminate | 1480 | C:\malware.exe | 2336 | C:\malware.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value
29/2/2020 - 4:47:15.731 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
29/2/2020 - 4:47:15.731 | Delete | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
29/2/2020 - 4:47:15.731 | Delete | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
29/2/2020 - 4:47:15.731 | Delete | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
29/2/2020 - 4:47:15.731 | Delete | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
29/2/2020 - 4:47:15.731 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
29/2/2020 - 4:47:15.918 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
29/2/2020 - 4:47:15.918 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
29/2/2020 - 4:47:15.918 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
29/2/2020 - 4:47:16.43 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
29/2/2020 - 4:47:16.43 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
29/2/2020 - 4:47:16.43 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
29/2/2020 - 4:47:16.43 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
29/2/2020 - 4:47:16.43 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
29/2/2020 - 4:47:16.43 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
29/2/2020 - 4:47:16.43 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
29/2/2020 - 4:47:16.43 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
29/2/2020 - 4:47:16.90 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
29/2/2020 - 4:47:16.90 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
29/2/2020 - 4:47:16.90 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
29/2/2020 - 4:47:16.90 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
29/2/2020 - 4:47:17.465 | Delete | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
29/2/2020 - 4:47:17.465 | Delete | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
29/2/2020 - 4:47:17.465 | Write | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
29/2/2020 - 4:47:17.465 | Delete | 2336 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
29/2/2020 - 4:47:17.715 | Write | 2336 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
29/2/2020 - 4:47:17.715 | Write | 2336 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
29/2/2020 - 4:47:17.715 | Write | 2336 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
29/2/2020 - 4:47:17.715 | Write | 2336 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
29/2/2020 - 4:47:17.715 | Write | 2336 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:50273 (query: cld.pt.)
localhost -> gateway:DNS (query: cld.pt.)

Response
gateway:DNS -> localhost (cld.pt. resolved to 213.13.26.154)


TCP
Info
localhost:65191 -> 213.13.26.152:443
localhost:65192 -> 192.16.58.8:80
192.16.58.8:80 -> localhost:65192
213.13.26.152:443 -> localhost:65191

UDP
Info
localhost:53 -> localhost:50273
localhost:50273 -> localhost:53
localhost:67 -> localhost:68
localhost:68 -> 255.255.255.255:67

HTTP
Info
localhost GET ocsp.digicert.com /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAz%2BKkGLdanNXtXryinI8mE%3D

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 97.33%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 75.48%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 73.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.52%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 97.97%
suspicious: False
