Report #9309

  • Creation Date: March 11, 2020, 4:16 p.m.
  • Last Update: March 11, 2020, 4:56 p.m.
  • File: Avastsurival.exe
  • Results:
Binary
DLL: False
Size: 4.15MB
trid:
35.7% Win32 Executable
16.4% Win16/32 Executable Delphi generic
16.0% OS/2 Executable
15.8% Generic Win/DOS Executable
15.8% DOS Executable Generic
type: PE
wordsize: 0
Subsystem: unknown
Hashes
md5: b73f00271484adb0aeae4252f47b76da
sha1: e60c840654cb9cf51fe09c570baa9c329acb0d70
crc32: 0xa75c15f5
sha224: 2e0828ae2d33697ee372e38dd748a9d4386304287410335837f4a897
sha256: 7f074812f0db4e7e0eb0046c18ad31a296f2f54949197f184dca7be1715d42a3
sha384: 43c380e64392007a788b6fc4cd958ddbdf015d5504c295293dedfce4342d3f4564590e83d30854b2b0e57c21f8ca73c7
sha512: 81c40a7bb83950300ed43cbdd69fc6d1ceb387d02bab35f022527a2a3465d5a10218ba6057ed426f54b2a95c5756487ed6e6d04fc9eb2e72ce0aef19bd6d8350
ssdeep: 98304:1LE3+8BpIIEzjqzKZA5VZTzEnR2zM8zy9:W3+uIIHKK5LTzYAzy9
Community
Google: False
HashLib: False
YARA
Matches: IP, contentis_base64, Themida_v2010_v2065_or_newer, IsPacked, ThemidaWinLicense_V2100_p_Oreans_Technologies_20090917, IsPE32, IsWindowsGUI

Suspicious: True

Strings
List
eVk.aG
y.ht
a.Fi
S7k.To
F.ro
7o.tm
%s.CD
g.cO
3.aD
w.gN
k.BT
AG.Je
H.ke
Vb.iM
9vE.cK
L.gr
9.Tv
g%a.it>
u8.ca
Y.us
w.Us
5.Bj
fq.Mv
Z.sU
F.Cw
5.lT
!d.sI
Ch.Ua%I
H%i8zlIb(P
m.sr>
%-tgl%
1.0.0.0
1.0.0.0
*.8\
`~82
`%/1
~tOfr-
A87NCO%/
A%/EI6co
sTOc%/
rW6,E
RI:5h
*>'%/
=@%&oh
I:H>.
MOL@`
RY:wO%
-TA-D
TL@`hP
Y%/(hE:
pr=_&oRs
B%/Uil|$[=
[%/
%/th
R:wE
BI:oD
1a7ic
%dtP(
%A1tW
3(%ADo
%a2u/'~s
thT3%f1
M&#4%sHD
A5R(c\V<%p
:62N%fR-#Ac%
%8'9H%A/;.
e6lKF,%E(
%uPe<]h1Y+
#%cB$T8E
%EiW8~et|%M
=%E<>reA@
name="Microsoft.Windows.Common-Controls"
TW%*i
\%6o2r8
%9o6n(.
!'%te1`
)pFv19t%d
dQ8I6f%i_o
LDPbA%5uR`
%5ocl
~-TM%3s
l5MT%n*
S%9d`n1
P\%e2ui
T*%eC7P
a0;&%%O
4"%a_uO
Go-e%A4
2%3pER,
E0N%eP"
T%9FUE-
)Bn0g%e
.%fR0#i
<'E2%cD
/Hm2@%E
%%_"93
h%e[5
%e/3}
$t%a8
r<5%a

Foremost
Matches: None
Suspicious: False
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: kernel32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2706432
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 16384
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 4380806
Suspicious: False

Sections
Allowed: , .rsrc, .idata , , uveyygr, qvzuesr
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 2.25
Suspicious: False
Subsystem
Version: 5.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 7725056
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2014-06-23 13:08:10
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
none: 576
.rsrc: 1429

pushpopmath
none: 317
.rsrc: 1281

ss register
none: 10
.rsrc: 11

garbagebytes
none: 225
.rsrc: 545

hookdetection
none: 23
.rsrc: 49

software breakpoint
none: 14
.rsrc: 43

fakeconditionaljumps
none: 23
.rsrc: 36

programcontrolflowchange
none: 203
.rsrc: 510

cpuinstructionsresultscomparison
.rsrc: 27

AVclass
scar: 1
VirusTotal
md5: b73f00271484adb0aeae4252f47b76da
sha1: e60c840654cb9cf51fe09c570baa9c329acb0d70
SCANS (DETECTION RATE = 72.73%)
AVG
result: Win32:GenMalicious-JTQ [Trj]
update: 20180325
version: 18.2.3827.0
detected: True

CMC
update: 20180324
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20180325
version: 2017.11.15.1
detected: True

Bkav
result: W32.HfsAutoB.CAC0
update: 20180325
version: 1.3.0.9466
detected: True

K7GW
result: Riskware ( 0040eff71 )
update: 20180325
version: 10.42.26601
detected: True

ALYac
result: Gen:Variant.Zusy.106993
update: 20180325
version: 1.1.1.5
detected: True

Avast
result: Win32:GenMalicious-JTQ [Trj]
update: 20180325
version: 18.2.3827.0
detected: True

Avira
result: TR/Crypt.TPM.Gen
update: 20180324
version: 8.3.3.6
detected: True

Baidu
update: 20180323
version: 1.0.0.2
detected: False

Cyren
result: W32/D_Bancos!Generic
update: 20180325
version: 5.4.30.7
detected: True

DrWeb
result: Trojan.DownLoader11.35613
update: 20180325
version: 7.0.28.2020
detected: True

GData
result: Gen:Variant.Zusy.106993
update: 20180325
version: A:25.16495B:25.11872
detected: True

Panda
result: Trj/Chgt.I
update: 20180324
version: 4.6.4.2
detected: True

VBA32
result: Trojan.Scar
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180325
version: 65508
detected: True

Zoner
update: 20180325
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180325
version: 1.5.0.42
detected: True

ClamAV
update: 20180325
version: 0.99.2.0
detected: False

Comodo
result: TrojWare.Win32.Spy.Banker.Gen
update: 20180325
version: 28741
detected: True

F-Prot
result: W32/D_Bancos!Generic
update: 20180325
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.Win32.Themida
update: 20180324
version: 0.1.5.2
detected: True

McAfee
result: Artemis!B73F00271484
update: 20180325
version: 6.0.6.653
detected: True

Rising
update: 20180325
version: 25.0.0.1
detected: False

Sophos
result: Mal/Behav-374
update: 20180325
version: 4.98.0
detected: True

Yandex
result: Riskware.Themida!
update: 20180324
version: 5.5.1.3
detected: True

Zillya
update: 20180323
version: 2.0.0.3519
detected: False

Arcabit
result: Trojan.Zusy.D1A1F1
update: 20180325
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180325
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20180316
version: 2.0.5
detected: True

Tencent
result: Win32.Trojan.Scar.Pefv
update: 20180325
version: 1.0.0.1
detected: True

ViRobot
update: 20180324
version: 2014.3.20.0
detected: False

eGambit
update: 20180325
version: v4.3.5
detected: False

Ad-Aware
result: Gen:Variant.Zusy.106993
update: 20180325
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.W32.Scar.ibce!c
update: 20180325
version: 4.2
detected: True

Emsisoft
result: Gen:Variant.Zusy.106993 (B)
update: 20180325
version: 4.0.2.899
detected: True

F-Secure
update: 20180310
version: 11.0.19100.45
detected: False

Fortinet
result: W32/Scar.IBCE!tr
update: 20180325
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
result: Trojan.Scar.itg
update: 20180325
version: 16.0.100
detected: True

Kingsoft
update: 20180325
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180325
version: 1.0
detected: True

Symantec
result: Trojan.Gen
update: 20180324
version: 1.5.0.0
detected: True

nProtect
update: 20180325
version: 2018-03-25.01
detected: False

AhnLab-V3
result: Malware/Win32.Generic.C425453
update: 20180324
version: 3.12.0.20130
detected: True

Kaspersky
result: Trojan.Win32.Scar.ibce
update: 20180325
version: 15.0.1.13
detected: True

Microsoft
update: 20180325
version: 1.1.14600.4
detected: False

Qihoo-360
result: Win32/Trojan.ab3
update: 20180325
version: 1.0.0.1120
detected: True

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False

ZoneAlarm
result: Trojan.Win32.Scar.ibce
update: 20180325
version: 1.0
detected: True

Cybereason
result: malicious.71484a
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
result: a variant of Win32/Packed.Themida.ABW
update: 20180325
version: 17111
detected: True

TrendMicro
result: TROJ_SULUNCH.VL
update: 20180325
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180324
detected: False

BitDefender
result: Gen:Variant.Zusy.106993
update: 20180325
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_90% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20180325
version: 10.42.26601
detected: True

SentinelOne
result: static engine - malicious
update: 20180225
version: 1.0.15.206
detected: True

Avast-Mobile
update: 20180324
version: 180324-00
detected: False

Malwarebytes
update: 20180325
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180325
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.Scar
update: 20180324
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.TPM.dfwnmr
update: 20180325
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Gen:Variant.Zusy.106993
update: 20180325
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180325
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.SuspiciousPacked.rc
update: 20180324
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_SULUNCH.VL
update: 20180325
version: 9.950.0.1006
detected: True

total: 66
sha256: 7f074812f0db4e7e0eb0046c18ad31a296f2f54949197f184dca7be1715d42a3
scan_id: 7f074812f0db4e7e0eb0046c18ad31a296f2f54949197f184dca7be1715d42a3-1521955447
resource: b73f00271484adb0aeae4252f47b76da
positives: 48
scan_date: 2018-03-25 05:24:07
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Time | Operation | PID | Process | Path | Name
11/3/2020 - 15:45:44.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 15:45:44.762 | Read | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 15:45:44.809 | Open | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 15:45:44.809 | Unknown | 1480 | C:\malware.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
11/3/2020 - 15:45:45.90 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:45.90 | Unknown | 1480 | C:\malware.exe | C:\Monitor
11/3/2020 - 15:45:45.106 | Open | 1480 | C:\malware.exe | C:\version.dll
11/3/2020 - 15:45:45.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
11/3/2020 - 15:45:45.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\version.dll
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:45.168 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
11/3/2020 - 15:45:45.168 | Unknown | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest | WindowsShell.Manifest
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\winspool.drv
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winspool.drv
11/3/2020 - 15:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winspool.drv
11/3/2020 - 15:45:45.184 | Open | 1480 | C:\malware.exe | C:\Monitor
11/3/2020 - 15:45:45.184 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Open | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Unknown | 1480 | C:\malware.exe | C:\Monitor\Malware
11/3/2020 - 15:45:47.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 15:45:47.465 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\dwmapi.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\wtsapi32.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wtsapi32.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wtsapi32.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\WINSTA.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll
11/3/2020 - 15:45:47.512 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winsta.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat
11/3/2020 - 15:45:47.606 | Read | 1480 | C:\malware.exe | C:\Windows\Fonts\StaticCache.dat | StaticCache.dat
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\security.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\security.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\security.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\SECUR32.DLL
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\olepro32.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\olepro32.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\olepro32.dll
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Drestsilver.tl
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Drestsilver.tl
11/3/2020 - 15:45:47.606 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Drestsilver.tl | Drestsilver.tl
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.606 | Unknown | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.606 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\malware.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Monitor
11/3/2020 - 15:45:47.622 | Unknown | 1480 | C:\malware.exe | C:\Monitor
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | Internetexplorervps.exe
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\PROPSYS.dll
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shell32.dll
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:47.622 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
11/3/2020 - 15:45:47.622 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
11/3/2020 - 15:45:47.622 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Desktop\desktop.ini
11/3/2020 - 15:45:47.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
11/3/2020 - 15:45:47.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
11/3/2020 - 15:45:47.637 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll
11/3/2020 - 15:45:47.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
11/3/2020 - 15:45:47.637 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\propsys.dll
11/3/2020 - 15:45:47.637 | Open | 1480 | C:\malware.exe | C:\Windows\System32\propsys.dll
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Searches\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Videos\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Pictures\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Contacts\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Favorites\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Music\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Downloads\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Documents\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Links\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini
11/3/2020 - 15:45:47.715 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\Saved Games\desktop.ini
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\apphelp.dll
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:47.715 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:47.731Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\
11/3/2020 - 15:45:47.731Unknown1480C:\malware.exeC:\
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\Windows
11/3/2020 - 15:45:47.731Unknown1480C:\malware.exeC:\Windows
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:47.731Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:47.731Unknown1480C:\malware.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.731Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Read1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Read1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 15:45:47.918Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\
11/3/2020 - 15:45:47.918Unknown1480C:\malware.exeC:\
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Users
11/3/2020 - 15:45:47.918Unknown1480C:\malware.exeC:\Users
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
11/3/2020 - 15:45:47.918Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 15:45:47.981Open1480C:\malware.exeC:\Users
11/3/2020 - 15:45:47.981Unknown1480C:\malware.exeC:\Users
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 15:45:47.997Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 15:45:47.997Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
11/3/2020 - 15:45:47.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe:Zone.Identifier
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\Monitor
11/3/2020 - 15:45:47.997Unknown1480C:\malware.exeC:\Monitor
11/3/2020 - 15:45:47.997Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:47.997Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:48.90Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:48.137Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:48.184Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:48.231Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\Users
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\Users\Behemot
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\Users\Behemot\AppData
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:48.278Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:48.278Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeInternetexplorervps.exe
11/3/2020 - 15:45:48.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\ui\SwDRM.dll
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\Prefetch\INTERNETEXPLORERVPS.EXE-05741994.pf
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\System32\wow64.dll
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\System32\wow64.dll
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\System32\wow64log.dll
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows
11/3/2020 - 15:45:48.340Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows
11/3/2020 - 15:45:48.340Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Monitor
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\winmm.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\winmm.dll
11/3/2020 - 15:45:48.356Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\winmm.dll
11/3/2020 - 15:45:48.481Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:48.653Unknown1480C:\malware.exeC:\Windows
11/3/2020 - 15:45:48.653Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:48.653Unknown1480C:\malware.exeC:\Monitor
11/3/2020 - 15:45:48.653Unknown1480C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
11/3/2020 - 15:45:49.434Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 15:45:49.434Read1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 15:45:49.434Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 15:45:49.434Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/3/2020 - 15:45:49.715Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:49.715Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Monitor
11/3/2020 - 15:45:49.731Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\version.dll
11/3/2020 - 15:45:49.731Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 15:45:49.731Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\version.dll
11/3/2020 - 15:45:49.747Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe.Local
11/3/2020 - 15:45:49.747Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:49.747Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:49.747Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:49.747Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 15:45:49.747Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
11/3/2020 - 15:45:49.747Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\WindowsShell.Manifest
11/3/2020 - 15:45:49.793Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
11/3/2020 - 15:45:49.793Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\winspool.drv
11/3/2020 - 15:45:49.793Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\winspool.drv
11/3/2020 - 15:45:49.793Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\winspool.drv
11/3/2020 - 15:45:49.809Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Monitor
11/3/2020 - 15:45:49.809Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp
11/3/2020 - 15:45:51.934Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 15:45:51.934Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\rpcss.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\dwmapi.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\dwmapi.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\wtsapi32.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\wtsapi32.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\wtsapi32.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\WINSTA.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\winsta.dll
11/3/2020 - 15:45:51.981Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\winsta.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\Fonts\StaticCache.dat
11/3/2020 - 15:45:52.75Read1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\security.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\security.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\security.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\SECUR32.DLL
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\secur32.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\secur32.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\olepro32.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\olepro32.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\olepro32.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\Drestsilver.tl
11/3/2020 - 15:45:52.75Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\Drestsilver.tlDrestsilver.tl
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\Fwpuclnt.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\IdnDL.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\idndl.dll
11/3/2020 - 15:45:52.75Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\idndl.dll
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\uxtheme.dll.Config
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\uxtheme.dll
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe.Local
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:52.90Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:52.90Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe.Local
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
11/3/2020 - 15:45:52.90Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_pt-br_59b90943c4d9db88\comctl32.dll.mui
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\ConSmts
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\ConSmts
11/3/2020 - 15:45:52.90Write1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\ConSmts
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Users\Behemot\AppData\Local\Temp\CMD.EXE
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Monitor\CMD.EXE
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.90Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:52.106Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\
11/3/2020 - 15:45:52.106Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows
11/3/2020 - 15:45:52.106Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:52.106Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:52.106Unknown1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:52.106Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.106Read1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.106Read1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.106Read1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.122Open1500C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exeC:\Windows\SysWOW64\ui\SwDRM.dll
11/3/2020 - 15:45:52.122Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
11/3/2020 - 15:45:52.122Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
11/3/2020 - 15:45:52.122Read2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
11/3/2020 - 15:45:52.122Open2168C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
11/3/2020 - 15:45:52.122Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows
11/3/2020 - 15:45:52.122Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
11/3/2020 - 15:45:52.122Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
11/3/2020 - 15:45:52.122Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
11/3/2020 - 15:45:52.122Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
11/3/2020 - 15:45:52.122Unknown2168C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
11/3/2020 - 15:45:52.122Open2168C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
11/3/2020 - 15:45:52.122 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.122 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.122 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp
11/3/2020 - 15:45:52.122 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp
11/3/2020 - 15:45:52.122 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp
11/3/2020 - 15:45:52.122 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\ntdll.dll
11/3/2020 - 15:45:52.122 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\ntdll.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\kernel32.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\kernel32.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\user32.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\user32.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\apisetschema.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\apisetschema.dll | apisetschema.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\KernelBase.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\KernelBase.dll | KernelBase.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\locale.nls
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\locale.nls
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\user32.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\user32.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\lpk.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\lpk.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\usp10.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\usp10.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:52.137 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 15:45:52.137 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cryptbase.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cryptbase.dll | cryptbase.dll
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msctf.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msctf.dll
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\BOOTSECT.EXE
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp\TMP000000032EDF9B37C5E17B29
11/3/2020 - 15:45:52.153 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.153 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\locale.nls
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 15:45:52.153 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\BOOTSECT.EXE
11/3/2020 - 15:45:52.153 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Temp\TMP000000032EDF9B37C5E17B29
11/3/2020 - 15:45:52.153 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.153 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.153 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.153 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.153 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\ntdll.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\kernel32.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\kernel32.dll
11/3/2020 - 15:45:52.153 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\user32.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\ntdll.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\apisetschema.dll | apisetschema.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\KernelBase.dll | KernelBase.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msvcrt.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\user32.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\gdi32.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\lpk.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\usp10.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\advapi32.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\rpcrt4.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sspicli.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cryptbase.dll | cryptbase.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\msctf.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | \Device\HarddiskVolume2
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64.dll
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\System32\wow64log.dll
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
11/3/2020 - 15:45:52.168 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
11/3/2020 - 15:45:52.168 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\winbrand.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.403 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.403 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\
11/3/2020 - 15:45:52.403 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\
11/3/2020 - 15:45:52.403 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.403 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\apphelp.dll
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\AppPatch\sysmain.sdb
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.418 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.418 | Read | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.418 | Open | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\ui\SwDRM.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\Prefetch\REG.EXE-4978446A.pf
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\wow64.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\wow64.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\wow64win.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\wow64cpu.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\System32\wow64log.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows
11/3/2020 - 15:45:52.481 | Unknown | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Monitor
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\sechost.dll
11/3/2020 - 15:45:52.481 | Read | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.481 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\imm32.dll
11/3/2020 - 15:45:52.481 | Read | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.622 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\Globalization\Sorting\SortDefault.nls
11/3/2020 - 15:45:52.622 | Unknown | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\Globalization\Sorting\SortDefault.nls | SortDefault.nls
11/3/2020 - 15:45:52.622 | Open | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
11/3/2020 - 15:45:52.622 | Unknown | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows
11/3/2020 - 15:45:52.622 | Unknown | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Monitor
11/3/2020 - 15:45:52.622 | Unknown | 2324 | C:\Windows\SysWOW64\reg.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui | KernelBase.dll.mui
11/3/2020 - 15:45:52.622 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Windows
11/3/2020 - 15:45:52.622 | Unknown | 2168 | C:\Windows\SysWOW64\cmd.exe | C:\Monitor

Process
Trace
11/3/2020 - 15:45:48.278 | Create | 1480 | C:\malware.exe | 1500 | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe
11/3/2020 - 15:45:52.106 | Create | 1500 | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | 2168 | C:\Windows\SysWOW64\cmd.exe
11/3/2020 - 15:45:52.418 | Create | 2168 | C:\Windows\SysWOW64\cmd.exe | 2324 | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.622 | Terminate | 2168 | C:\Windows\SysWOW64\cmd.exe | 2324 | C:\Windows\SysWOW64\reg.exe
11/3/2020 - 15:45:52.622 | Terminate | 1500 | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | 2168 | C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Finished

Status
Successfully Executed

Results
1

Registry
Trace
11/3/2020 - 15:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
11/3/2020 - 15:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
11/3/2020 - 15:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
11/3/2020 - 15:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
11/3/2020 - 15:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
11/3/2020 - 15:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
11/3/2020 - 15:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
11/3/2020 - 15:45:47.981 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
11/3/2020 - 15:45:52.90 | Write | 1500 | C:\Users\Behemot\AppData\Local\Temp\Internetexplorervps.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run
11/3/2020 - 15:45:52.622 | Write | 2324 | C:\Windows\SysWOW64\reg.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 80.46%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 92.66%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 69.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 83.30%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 97.95%
suspicious: True
