Report #9584

Binary
DLL: False
Size: 486.50KB
trid:
  35.7% Win32 Executable
  16.4% Win16/32 Executable Delphi generic
  16.0% OS/2 Executable
  15.8% Generic Win/DOS Executable
  15.8% DOS Executable Generic
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5
473ab31afe642d9e91592cd6f626069c
sha1
6a2eacffbfc5901a9579e2127e8a45c04ee66b7f
crc32
0xb453da70
sha224
8368c0de3e3a31c8cc6eceb1224557805896edf4d77b878687b7c655
sha256
a29314f8e9c564d016b5e94a3ee7965052e422b416d0c1814859cc84a2618cfc
sha384
f1d4eeba9a6133db7fc5981f549279b8a662b6e99d624f2c19bfb6a1928f14866a18771d6b85fc933eee9246a7d6f42b
sha512
1b5d9ab67a828e22dccb3ee2c90565cae24faab81ae7953030aeb09bf5a2b05126487b3ddc4e6a4dabd9e954f542fd1a0fe532cc1a06110c6c3befaaf2f4e171
ssdeep
12288:UhghMl2tCLJIRyECutq+4UZEZAvnh1OekGM0hMisK58i15G/gqb7H6:UhghMS4otp4efPhHHbhM1K5G/gqbb6
Community
Google: False
HashLib: False
YARA
Matches: ASPack_v212, ASPack_v212_Alexey_Solodovnikov, domain, ASPack_v212_additional, ASProtect_V2X_DLL_Alexey_Solodovnikov_additional, contentis_base64, ASPackv212AlexeySolodovnikov, ASProtectV2XDLLAlexeySolodovnikov, yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, ASPack_v211d, IsPE32, network_dropper, ASPack_v21_additional, ASPack_212withouth_Poly_Solodovnikov_Alexey, IsWindowsGUI, ASProtect_V2X_DLL_Alexey_Solodovnikov, IsPacked
Suspicious: True

Strings

Foremost
Matches: 0.exe, 486 KB
Suspicious: True
Heuristics
IPs
hasIPs: False
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
hasAllowed: False
hasSuspicious: False

Files
Allowed: user32.dll, comctl32.dll, ole32.dll, gdi32.dll, shell32.dll, urlmon.dll, oleaut32.dll, msimg32.dll, kernel32.dll, advapi32.dll, version.dll
hasFiles: True
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA: 16 (Suspicious: False)
Code Size: 262656 (Suspicious: False)
Image Address: 4194304 (Suspicious: False)
Stack: 16384 (Suspicious: False)
Headers: 1024 (Suspicious: False)
Suspicious: False

Symbols
Number: 0 (Suspicious: True)
Pointer: 0 (Suspicious: True)
Directories
Number: 16 (Suspicious: False)

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .itext, .data, .bss, .idata, .didata, .tls, .rdata, .reloc, .rsrc, .adata
Suspicious: .aspack
hasAllowed: True
hasSections: True
hasSuspicious: True

Versions
OS Version: 5 (Suspicious: False)
Image Version: 5 (Suspicious: True)
Linker Version: 2.25 (Suspicious: False)
Subsystem Version: 5.0 (Suspicious: False)
Suspicious: False

EntryPoint
Address: 1482753
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, comctl32.dll, ole32.dll, gdi32.dll, shell32.dll, urlmon.dll, oleaut32.dll, msimg32.dll, kernel32.dll, advapi32.dll, version.dll
hasLibs: True
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2014-07-15 22:51:10
Future: False

Compilation
Packed: True
Missing: False
Packers: ASProtect V2.X DLL -> Alexey Solodovnikov, ASPack v2.12, ASPack v2.1
Compiled: False
Compilers
MainPacker: ASPack v2.12 -> Alexey Solodovnikov

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False

Disassembly
hasTricks: True
Tricks (occurrences per section):
pushret: .data 20, .rsrc 21, .text 238, .idata 2, .aspack 3, .didata 1
pushpopmath: .data 5, .rsrc 12, .text 116, .idata 3, .aspack 1
ss register: .text 1
garbagebytes: .data 6, .rsrc 9, .text 69, .idata 1, .aspack 3
hookdetection: .text 10, .aspack 1
software breakpoint: .text 6
fakeconditionaljumps: .text 4
programcontrolflowchange: .data 6, .rsrc 9, .text 65, .idata 1, .aspack 3
cpuinstructionsresultscomparison: .rsrc 6, .text 1

AVclass
banload: 1
VirusTotal
md5
473ab31afe642d9e91592cd6f626069c
sha1
6a2eacffbfc5901a9579e2127e8a45c04ee66b7f
SCANS (DETECTION RATE = 71.21%)

Engine | Result | Update | Version | Detected
AVG | FileRepMalware | 20180325 | 18.2.3827.0 | True
CMC | - | 20180324 | 1.1.0.977 | False
MAX | malware (ai score=83) | 20180325 | 2017.11.15.1 | True
Bkav | - | 20180325 | 1.3.0.9466 | False
K7GW | Trojan-Downloader ( 0049d27d1 ) | 20180325 | 10.42.26601 | True
ALYac | Gen:Variant.Symmi.47053 | 20180325 | 1.1.1.5 | True
Avast | FileRepMalware | 20180325 | 18.2.3827.0 | True
Avira | TR/Graftor.147949 | 20180324 | 8.3.3.6 | True
Baidu | - | 20180323 | 1.0.0.2 | False
Cyren | W32/Trojan.KERG-9025 | 20180325 | 5.4.30.7 | True
DrWeb | Trojan.Bankfraud.1762 | 20180325 | 7.0.28.2020 | True
GData | Gen:Variant.Symmi.47053 | 20180325 | A:25.16495B:25.11872 | True
Panda | Trj/CI.A | 20180324 | 4.6.4.2 | True
VBA32 | TrojanDownloader.Banload | 20180323 | 3.12.28.0 | True
VIPRE | Trojan.Win32.Generic!BT | 20180325 | 65508 | True
Zoner | - | 20180325 | 1.0 | False
AVware | Trojan.Win32.Generic!BT | 20180325 | 1.5.0.42 | True
ClamAV | - | 20180325 | 0.99.2.0 | False
Comodo | UnclassifiedMalware | 20180325 | 28741 | True
F-Prot | - | 20180325 | 4.7.1.166 | False
Ikarus | Trojan-Downloader.Win32.Banload | 20180324 | 0.1.5.2 | True
McAfee | Artemis!473AB31AFE64 | 20180325 | 6.0.6.653 | True
Rising | Malware.Undefined!8.C (TFE:5:9eNnoyufkkN) | 20180325 | 25.0.0.1 | True
Sophos | Troj/Bancos-BZG | 20180325 | 4.98.0 | True
Yandex | Trojan.DL.Banload!7fC61Xd6GBY | 20180324 | 5.5.1.3 | True
Zillya | Downloader.Banload.Win32.57919 | 20180323 | 2.0.0.3519 | True
Arcabit | Trojan.Symmi.DB7CD | 20180325 | 1.0.0.831 | True
Cylance | Unsafe | 20180325 | 2.3.1.101 | True
Endgame | malicious (high confidence) | 20180316 | 2.0.5 | True
Tencent | Win32.Trojan-downloader.Banload.Pbpi | 20180325 | 1.0.0.1 | True
ViRobot | - | 20180324 | 2014.3.20.0 | False
eGambit | - | 20180325 | v4.3.5 | False
Ad-Aware | Gen:Variant.Symmi.47053 | 20180325 | 3.0.3.1010 | True
AegisLab | Troj.Downloader.W32.Banload.cvke!c | 20180325 | 4.2 | True
Emsisoft | Gen:Variant.Symmi.47053 (B) | 20180325 | 4.0.2.899 | True
F-Secure | - | 20180325 | 11.0.19100.45 | False
Fortinet | - | 20180325 | 5.4.247.0 | False
Invincea | - | 20180121 | 6.3.4.26036 | False
Jiangmin | Trojan-Downloader.Win32.Banload.b | 20180325 | 16.0.100 | True
Kingsoft | - | 20180325 | 2013.8.14.323 | False
Paloalto | generic.ml | 20180325 | 1.0 | True
Symantec | Trojan.Gen | 20180324 | 1.5.0.0 | True
nProtect | - | 20180325 | 2018-03-25.02 | False
AhnLab-V3 | Trojan/Win32.HDC.C524093 | 20180324 | 3.12.0.20130 | True
Antiy-AVL | Trojan[Downloader]/Win32.Banload | 20180325 | 3.0.0.1 | True
Kaspersky | HEUR:Trojan.Win32.Generic | 20180325 | 15.0.1.13 | True
Microsoft | TrojanDownloader:Win32/Banload | 20180325 | 1.1.14600.4 | True
Qihoo-360 | Win32/Trojan.262 | 20180325 | 1.0.0.1120 | True
TheHacker | - | 20180319 | 6.8.0.5.2551 | False
ZoneAlarm | HEUR:Trojan.Win32.Generic | 20180325 | 1.0 | True
Cybereason | malicious.afe642 | 20180225 | 1.2.27 | True
ESET-NOD32 | a variant of Win32/TrojanDownloader.Banload.TTK | 20180325 | 17111 | True
TrendMicro | TROJ_BANLOAD.GTT | 20180325 | 9.862.0.1074 | True
BitDefender | Gen:Variant.Symmi.47053 | 20180325 | 7.2 | True
CrowdStrike | malicious_confidence_70% (W) | 20170201 | 1.0 | True
K7AntiVirus | Trojan-Downloader ( 0049d27d1 ) | 20180325 | 10.42.26601 | True
SentinelOne | - | 20180225 | 1.0.15.206 | False
Avast-Mobile | - | 20180324 | 180324-00 | False
Malwarebytes | - | 20180325 | 2.1.1.1115 | False
TotalDefense | - | 20180325 | 37.1.62.1 | False
CAT-QuickHeal | TrojanDownloader.Banload | 20180324 | 14.00 | True
NANO-Antivirus | Trojan.Win32.Dwn.dchxkg | 20180325 | 1.0.100.22043 | True
MicroWorld-eScan | Gen:Variant.Symmi.47053 | 20180325 | 14.0.297.0 | True
SUPERAntiSpyware | - | 20180325 | 5.6.0.1032 | False
McAfee-GW-Edition | BehavesLike.Win32.Dropper.gc | 20180324 | v2015 | True
TrendMicro-HouseCall | TROJ_BANLOAD.GTT | 20180325 | 9.950.0.1006 | True

total: 66
sha256: a29314f8e9c564d016b5e94a3ee7965052e422b416d0c1814859cc84a2618cfc
scan_id: a29314f8e9c564d016b5e94a3ee7965052e422b416d0c1814859cc84a2618cfc-1521960663
resource: 473ab31afe642d9e91592cd6f626069c
positives: 47
scan_date: 2018-03-25 06:51:03
verbose_msg: Scan finished, information embedded
response_code: 1
File Trace

Time | Operation | PID | Process | Path
13/3/2020 - 12:45:42.856 | Read | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_pt-br_039faf2d05cfba61\comctl32.dll.mui
13/3/2020 - 12:45:42.903 | Open | 1480 | C:\malware.exe | C:\Windows\Fonts\sserife.fon
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll.Config
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\uxtheme.dll
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 12:45:43.43 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
13/3/2020 - 12:45:43.43 | Unknown | 1480 | C:\malware.exe | C:\Windows\WindowsShell.Manifest
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
13/3/2020 - 12:45:43.43 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
13/3/2020 - 12:45:43.43 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tisys.zip
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 12:45:43.106 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 12:45:43.106 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 - 12:45:43.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 - 12:45:43.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
13/3/2020 - 12:45:43.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
13/3/2020 - 12:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
13/3/2020 - 12:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
13/3/2020 - 12:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
13/3/2020 - 12:45:43.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
13/3/2020 - 12:45:43.372 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc6.DLL
13/3/2020 - 12:45:43.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
13/3/2020 - 12:45:43.372 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
13/3/2020 - 12:45:43.372 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
13/3/2020 - 12:45:43.372 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc.DLL
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
13/3/2020 - 12:45:43.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
13/3/2020 - 12:45:43.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 12:45:43.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 12:45:43.481 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
13/3/2020 - 12:45:43.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
13/3/2020 - 12:45:43.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
13/3/2020 - 12:45:43.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
13/3/2020 - 12:45:43.481 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
13/3/2020 - 12:45:43.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
13/3/2020 - 12:45:43.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 12:45:43.622 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 12:45:43.622 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
13/3/2020 - 12:45:44.262 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
13/3/2020 - 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\tisys[1].htm
13/3/2020 - 12:45:44.262 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\tisys[1].htm
13/3/2020 - 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 12:45:44.262 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 12:45:44.262 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 12:45:44.262 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\credssp.dll
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 12:45:44.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 12:45:44.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 12:45:44.684 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 - 12:45:44.684 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 - 12:45:45.309 | Open | 1480 | C:\malware.exe | C:\ncrypt.dll
13/3/2020 - 12:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
13/3/2020 - 12:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
13/3/2020 - 12:45:45.309 | Open | 1480 | C:\malware.exe | C:\bcrypt.dll
13/3/2020 - 12:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
13/3/2020 - 12:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
13/3/2020 - 12:45:45.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
13/3/2020 - 12:45:45.325 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
13/3/2020 - 12:45:45.325 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
13/3/2020 - 12:45:45.325 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
13/3/2020 - 12:45:45.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 12:45:45.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 12:45:45.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 12:45:45.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 12:45:45.325 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 12:45:45.325 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 12:45:45.340 | Open | 1480 | C:\malware.exe | C:\GPAPI.dll
13/3/2020 - 12:45:45.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
13/3/2020 - 12:45:45.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 12:45:45.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 12:45:45.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 12:45:45.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
13/3/2020 - 12:45:45.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
13/3/2020 - 12:45:45.418 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\qagentrt.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\cryptnet.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:45.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:45.418 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:45.418 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:45.434 | Open | 1480 | C:\malware.exe | C:\SensApi.dll
13/3/2020 - 12:45:45.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
13/3/2020 - 12:45:45.434 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
13/3/2020 - 12:45:45.528 | Open | 1480 | C:\malware.exe | C:\WINHTTP.dll
13/3/2020 - 12:45:45.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 - 12:45:45.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 - 12:45:45.528 | Open | 1480 | C:\malware.exe | C:\webio.dll
13/3/2020 - 12:45:45.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 - 12:45:45.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 - 12:45:45.528 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
13/3/2020 - 12:45:45.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:45.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:45.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:45.715 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:45.715 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:46.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:46.668 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:46.668 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.684Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.684Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.684Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.684Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_C95AFE779A09B6B8C03D47AD8998ACC3
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:46.747Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.747Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.747Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.747Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.747Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.747Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.887Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.887Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.887Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.887Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.231Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.231Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.231Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.231Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.231Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.231Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.231Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.231Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.231Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.231Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.231Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.231Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.231Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.231Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.231Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.231Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.231Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.372Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.372Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.372Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.372Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.372Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.372Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.372Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.434Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.59Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.59Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.59Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.59Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.59Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.59Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.59Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.59Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.59Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CCD9901CD8DD7EC9341954D5F91CCF2D
13/3/2020 - 12:45:48.356Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.356Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.356Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.418Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.434Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.450Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.450Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.450Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
Timestamp | Operation | PID | Process | Path
13/3/2020 - 12:45:48.450 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.450 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.450 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.450 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.465 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.465 | Read | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.465 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.465 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.481 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tisys.zip

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
Timestamp | Operation | PID | Process | Key | Value / subkey
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
13/3/2020 - 12:45:43.153 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
13/3/2020 - 12:45:43.153 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
13/3/2020 - 12:45:43.153 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
13/3/2020 - 12:45:43.153 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
13/3/2020 - 12:45:43.153 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
13/3/2020 - 12:45:43.215 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
13/3/2020 - 12:45:43.215 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
13/3/2020 - 12:45:43.215 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
13/3/2020 - 12:45:43.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:43.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:43.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:43.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:44.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:44.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:44.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:44.356 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
13/3/2020 - 12:45:44.903 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:44.903 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:44.903 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
13/3/2020 - 12:45:44.903 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:44.903 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:44.903 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:44.903 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:45.418 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:45.418 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:45.418 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:45.418 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:45.418 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:48.465 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
13/3/2020 - 12:45:48.465 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
13/3/2020 - 12:45:48.465 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
13/3/2020 - 12:45:48.465 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
13/3/2020 - 12:45:48.481 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
13/3/2020 - 12:45:48.481 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
13/3/2020 - 12:45:48.481 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
13/3/2020 - 12:45:48.481 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True

DNS
Query
Source -> Destination | Query name
localhost -> gateway:49551 | ocsp.int-x3.letsencrypt.org.
localhost -> gateway:50043 | crl.identrust.com.
localhost -> gateway:DNS | isrg.trustid.ocsp.identrust.com.
localhost -> gateway:50273 | edaysch.ru.
localhost -> gateway:DNS | edaysch.ru.
localhost -> gateway:DNS | apps.identrust.com.
localhost -> gateway:59829 | isrg.trustid.ocsp.identrust.com.
localhost -> gateway:DNS | crl.identrust.com.
localhost -> gateway:DNS | ocsp.int-x3.letsencrypt.org.

Response
Source -> Destination | Query name | Answer
gateway:DNS -> localhost | apps.identrust.com. | 192.35.177.64
gateway:DNS -> localhost | ocsp.int-x3.letsencrypt.org. | 186.192.152.75
gateway:DNS -> localhost | crl.identrust.com. | 192.35.177.64
gateway:DNS -> localhost | edaysch.ru. | 81.177.165.131
gateway:DNS -> localhost | isrg.trustid.ocsp.identrust.com. | 186.192.152.200

TCP
Info
localhost:65191 -> 81.177.165.131:80
localhost:65195 -> 192.35.177.64:80
localhost:65196 -> 186.192.152.218:80
81.177.165.131:443 -> localhost:65192
192.35.177.64:80 -> localhost:65195
localhost:65192 -> 81.177.165.131:443
localhost:65194 -> 186.192.152.219:80
localhost:65193 -> 192.35.177.64:80
81.177.165.131:80 -> localhost:65191
186.192.152.219:80 -> localhost:65194
186.192.152.218:80 -> localhost:65196
192.35.177.64:80 -> localhost:65193

UDP
Info
localhost:49551 -> localhost:53
localhost:55394 -> localhost:53
localhost:53 -> localhost:59829
localhost:53 -> localhost:49551
localhost:50273 -> localhost:53
localhost:53 -> localhost:50043
localhost:68 -> 255.255.255.255:67
localhost:50043 -> localhost:53
localhost:53 -> localhost:55394
localhost:59829 -> localhost:53
localhost:67 -> localhost:68
localhost:53 -> localhost:50273

HTTP
Info
Source | Method | Host | Path
localhost | GET | edaysch.ru | /includes/js/w3r/tisys.zip
localhost | GET | apps.identrust.com | /roots/dstrootcax3.p7c
localhost | GET | isrg.trustid.ocsp.identrust.com | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
localhost | GET | crl.identrust.com | /DSTROOTCAX3CRL.crl
localhost | GET | ocsp.int-x3.letsencrypt.org | /MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgRQmIlu5gs%2BpLDXyJWUYIcSFQ%3D%3D

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 96.21%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 74.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 92.64%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 32.85%
suspicious: False
