Report #9585

  • Creation Date: March 13, 2020, 12:33 p.m.
  • Last Update: March 13, 2020, 1:56 p.m.
  • File: Comprovante_nf.exe
  • Results:
Binary
  DLL: False
  Size: 573.50KB
  trid:
    52.1% Win32 EXE PECompact compressed
    36.7% Win32 EXE PECompact compressed
    3.9% Win32 Executable
    1.8% Win16/32 Executable Delphi generic
    1.7% OS/2 Executable
  type: PE
  wordsize: 32
  Subsystem: Windows GUI
Hashes
  md5: 3088a2eedb20848ce2599ccf59049f12
  sha1: a6fee770bc24993561a9a73ebb298fc9a1d2be3c
  crc32: 0x7e8c2f95
  sha224: 7eda3e273725171e564ee98c97d335013d7d5540763c120856c7c8cb
  sha256: d67e0bbd954962b746eaf2cd43c6ddd8b4af2f57c10dc391cc2fbb257f2884e2
  sha384: 9810051a46097075a0e685ed84795289a7d627d53c23daf3c8edc168439a2c276d66a0a0342aa36d0407f1964b94a5c3
  sha512: 54e65fb975218d0eef6305abea19ea5dce93bfb7e7faa6e0dcce1b1a06214004f48ed2180c0412ec455902f406b4d19e318327f434827cbfc83eaf679dcf56c5
  ssdeep: 12288:2jDTFDuhxgs2nn7gYpBylgin7rzGIZBbbT:MFDuhxgsMne/7rqIZ
Community
  Google: False
  HashLib: False
YARA
  Matches: domain, PECompact_2x_Jeremy_Collake, PECompact_v20_additional, network_dropper, PECompact_v20, PECompact_V2X_Bitsum_Technologies_additional, PECompact_20x_Heuristic_Mode_Jeremy_Collake, PECompact_v2xx_additional, PECompactv2xx, IsPE32, PeCompact_v208_Bitsum_Technologiessignature_by_loveboom, PECompact2xxBitSumTechnologies, PECompact_v2xx, PeCompact_2xx_BitSum_Technologies, contentis_base64, IsPacked, PeCompact_253_DLL_BitSum_Technologies_additional, IsWindowsGUI, PECompactV2XBitsumTechnologies, PECompact_2xx_BitSum_Technologies, PeCompact_253_DLL_BitSum_Technologies, pecompact2, PECompact_V2X_Bitsum_Technologies
  Suspicious: True

Strings
List
winspool.drv
comctl32.dll
msimg32.dll
version.dll
EXECUTABLE
GetProcAddress
PECompact2
This program must be run under Win32
ShellExecuteW
VirtualAlloc
RegQueryValueExW
LoadLibraryA
NETWORK
URLMON.DLL
CURRENTFOLDER
PEC2^O
KNOWNFILE
OPENFOLDER
UNKNOWNFILE
CLOSEDFOLDER
PACKAGEINFO
MAINICON
BBIGNORE
BBCANCEL

Foremost
  Matches: 0.exe, 573 KB
  Suspicious: True
Heuristics
IPs
  Allowed: none
  Suspicious: none
  hasIPs: False
  hasAllowed: False
  hasSuspicious: False

URLs
  Allowed: none
  Suspicious: none
  hasURLs: False
  hasAllowed: False
  hasSuspicious: False

Files
  Allowed: URLMON.DLL, comctl32.dll, ole32.dll, advapi32.dll, user32.dll, gdi32.dll, oleaut32.dll, kernel32.dll, shell32.dll, msimg32.dll, version.dll
  Suspicious: none
  hasFiles: True
  hasAllowed: True
  hasSuspicious: False

Binary
Sizes
  RVA: 16 (Suspicious: False)
  Code: 390144 (Suspicious: False)
  Image address: 4194304 (Suspicious: False)
  Stack: 16384 (Suspicious: False)
  Headers: 1024 (Suspicious: False)
  Suspicious: False

Symbols
  Number: 0 (Suspicious: True)
  Pointer: 0 (Suspicious: True)
Directories
  Number: 16 (Suspicious: False)

Checksum
  Value: 609384
  Suspicious: False

Sections
  Allowed: .text, .rsrc
  Suspicious: none
  hasAllowed: True
  hasSections: True
  hasSuspicious: False

Versions
  OS
    Version: 5
    Suspicious: False
  Image
    Version: True
    Suspicious: 5
  Linker
    Version: 2.25
    Suspicious: False
  Subsystem
    Version: 5.0
    Suspicious: False
  Suspicious: False

EntryPoint
  Address: 4096
  Suspicious: False

Anomalies
  hasAnomalies: False

Libraries
  Allowed: urlmon.dll, comctl32.dll, ole32.dll, advapi32.dll, user32.dll, gdi32.dll, oleaut32.dll, kernel32.dll, shell32.dll, msimg32.dll, version.dll
  Suspicious: none
  hasLibs: True
  hasAllowed: True
  hasSuspicious: False

Timestamp
  Value: 2014-07-24 11:49:07
  Valid: True
  Past: False
  Future: False

Compilation
  Packed: True
  Missing: False
  Packers: PECompact 2.x -> Jeremy Collake, PECompact v2.0, PeCompact 2.53 DLL --> BitSum Technologies, PECompact 2.0x Heuristic Mode -> Jeremy Collake
  Compiled: False
  Compilers
    MainPacker: PECompact 2.xx --> BitSum Technologies

Obfuscation
  XOR: False
  Fuzzing: False

PEDetector
  Matches: None
  Suspicious: False
Disassembly
  hasTricks: True
Tricks
pushret
.rsrc: 2
.text: 255

pushpopmath
.rsrc: 3
.text: 119

ss register
.text: 3

garbagebytes
.rsrc: 2
.text: 95

hookdetection
.text: 11

software breakpoint
.text: 7

fakeconditionaljumps
.text: 5

programcontrolflowchange
.rsrc: 2
.text: 90

cpuinstructionsresultscomparison
.rsrc: 6
.text: 2

AVclass
  banload: 1
VirusTotal
  md5: 3088a2eedb20848ce2599ccf59049f12
  sha1: a6fee770bc24993561a9a73ebb298fc9a1d2be3c

SCANS (DETECTION RATE = 77.61%)

Engine | Detected | Result | Version | Update
AVG | True | FileRepMetagen [Malware] | 18.2.3827.0 | 20180323
CMC | False | | 1.1.0.977 | 20180323
MAX | True | malware (ai score=80) | 2017.11.15.1 | 20180323
Bkav | False | | 1.3.0.9466 | 20180322
K7GW | True | Trojan-Downloader ( 004e281c1 ) | 10.42.26597 | 20180323
ALYac | True | Gen:Variant.Graftor.148996 | 1.1.1.5 | 20180323
Avast | True | FileRepMetagen [Malware] | 18.2.3827.0 | 20180323
Avira | True | TR/Graftor.148996.1 | 8.3.3.6 | 20180323
Baidu | True | Win32.Trojan.WisdomEyes.16070401.9500.9878 | 1.0.0.2 | 20180323
Cyren | True | W32/Trojan.PWRC-4771 | 5.4.30.7 | 20180323
DrWeb | True | Trojan.Bankfraud.1762 | 7.0.28.2020 | 20180323
GData | True | Gen:Variant.Graftor.148996 | A:25.16478B:25.11859 | 20180323
Panda | True | Trj/CI.A | 4.6.4.2 | 20180323
VBA32 | True | TrojanDownloader.Banload | 3.12.28.0 | 20180323
VIPRE | True | Trojan.Win32.Generic!BT | 65472 | 20180323
Zoner | False | | 1.0 | 20180323
AVware | True | Trojan.Win32.Generic!BT | 1.5.0.42 | 20180323
ClamAV | False | | 0.99.2.0 | 20180323
Comodo | True | .UnclassifiedMalware | 28731 | 20180323
F-Prot | False | | 4.7.1.166 | 20180323
Ikarus | True | Trojan-Downloader.Win32.Banload | 0.1.5.2 | 20180323
McAfee | True | Generic.dx!3088A2EEDB20 | 6.0.6.653 | 20180323
Rising | True | Malware.Undefined!8.C (TFE:5:ead9c7wzaAG) | 25.0.0.1 | 20180323
Sophos | True | Troj/Bancos-BZG | 4.98.0 | 20180323
Yandex | True | Trojan.DL.Banload!13vcJSUZHAQ | 5.5.1.3 | 20180323
Zillya | True | Downloader.Banload.Win32.58084 | 2.0.0.3519 | 20180323
Arcabit | True | Trojan.Graftor.D24604 | 1.0.0.831 | 20180323
Cylance | True | Unsafe | 2.3.1.101 | 20180323
Endgame | True | malicious (high confidence) | 2.0.5 | 20180316
Tencent | True | Win32.Trojan-downloader.Banload.Lhwy | 1.0.0.1 | 20180323
ViRobot | False | | 2014.3.20.0 | 20180323
eGambit | True | Unsafe.AI_Score_67% | v4.3.5 | 20180323
Ad-Aware | True | Gen:Variant.Graftor.148996 | 3.0.3.1010 | 20180323
AegisLab | True | Troj.Downloader.W32.Banload.cvkr!c | 4.2 | 20180323
Emsisoft | True | Gen:Variant.Graftor.148996 (B) | 4.0.2.899 | 20180323
F-Secure | True | Gen:Variant.Graftor.148996 | 11.0.19100.45 | 20180323
Fortinet | False | | 5.4.247.0 | 20180323
Invincea | True | heuristic | 6.3.4.26036 | 20180121
Jiangmin | False | | 16.0.100 | 20180323
Kingsoft | False | | 2013.8.14.323 | 20180323
Paloalto | True | generic.ml | 1.0 | 20180323
Symantec | True | Trojan.Gen | 1.5.0.0 | 20180323
nProtect | True | Trojan-Downloader/W32.Banload.587264.B | 2018-03-23.02 | 20180323
AhnLab-V3 | True | Trojan/Win32.Banload.R119695 | 3.12.0.20130 | 20180323
Antiy-AVL | True | Trojan[Downloader]/Win32.Banload | 3.0.0.1 | 20180323
Kaspersky | True | Trojan-Downloader.Win32.Banload.cvkr | 15.0.1.13 | 20180323
Microsoft | True | TrojanDownloader:Win32/Banload | 1.1.14600.4 | 20180323
Qihoo-360 | True | Win32/Trojan.Multi.daf | 1.0.0.1120 | 20180323
TheHacker | False | | 6.8.0.5.2551 | 20180319
ZoneAlarm | True | Trojan-Downloader.Win32.Banload.cvkr | 1.0 | 20180323
Cybereason | True | malicious.edb208 | 1.2.27 | 20180225
ESET-NOD32 | True | a variant of Win32/TrojanDownloader.Banload.TVQ | 17106 | 20180323
TrendMicro | True | TROJ_BANLOAD.HHYY | 9.862.0.1074 | 20180323
WhiteArmor | False | | | 20180223
BitDefender | True | Gen:Variant.Graftor.148996 | 7.2 | 20180323
CrowdStrike | True | malicious_confidence_90% (W) | 1.0 | 20170201
K7AntiVirus | True | Trojan-Downloader ( 004e281c1 ) | 10.42.26592 | 20180323
SentinelOne | True | static engine - malicious | 1.0.15.206 | 20180225
Avast-Mobile | False | | 180323-02 | 20180323
Malwarebytes | False | | 2.1.1.1115 | 20180323
TotalDefense | False | | 37.1.62.1 | 20180323
CAT-QuickHeal | True | TrojanDownloader.Banload | 14.00 | 20180322
NANO-Antivirus | True | Trojan.Win32.Banload.dcwnpc | 1.0.100.22043 | 20180323
MicroWorld-eScan | True | Gen:Variant.Graftor.148996 | 14.0.297.0 | 20180323
SUPERAntiSpyware | False | | 5.6.0.1032 | 20180323
McAfee-GW-Edition | True | BehavesLike.Win32.Generic.hc | v2015 | 20180323
TrendMicro-HouseCall | True | TROJ_BANLOAD.HHYY | 9.950.0.1006 | 20180323

  total: 67
  positives: 52
  sha256: d67e0bbd954962b746eaf2cd43c6ddd8b4af2f57c10dc391cc2fbb257f2884e2
  scan_id: d67e0bbd954962b746eaf2cd43c6ddd8b4af2f57c10dc391cc2fbb257f2884e2-1521825852
  resource: 3088a2eedb20848ce2599ccf59049f12
  scan_date: 2018-03-23 17:24:12
  verbose_msg: Scan finished, information embedded
  response_code: 1
File
Trace

Time | Operation | PID | Process | Path | Name
13/3/2020 12:45:43.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
13/3/2020 12:45:43.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
13/3/2020 12:45:43.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnxyz.zip
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 12:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 12:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 12:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 12:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 12:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 12:45:43.700 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\IPHLPAPI.DLL
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\IPHLPAPI.DLL
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\WINNSI.DLL
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winnsi.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 12:45:43.762 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 12:45:43.762 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
13/3/2020 12:45:43.778 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
13/3/2020 12:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
13/3/2020 12:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
13/3/2020 12:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 12:45:43.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 12:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
13/3/2020 12:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
13/3/2020 12:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
13/3/2020 12:45:43.918 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
13/3/2020 12:45:43.965 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc6.DLL
13/3/2020 12:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
13/3/2020 12:45:43.965 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
13/3/2020 12:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
13/3/2020 12:45:43.965 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
13/3/2020 12:45:44.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
13/3/2020 12:45:44.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc.DLL
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
13/3/2020 12:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
13/3/2020 12:45:44.75 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
13/3/2020 12:45:44.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
13/3/2020 12:45:44.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
13/3/2020 12:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
13/3/2020 12:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
13/3/2020 12:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
13/3/2020 12:45:44.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 12:45:44.262 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 12:45:44.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 12:45:44.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
13/3/2020 12:45:44.840 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
13/3/2020 12:45:44.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\hnxyz[1].htm
13/3/2020 12:45:44.840 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\hnxyz[1].htm | hnxyz[1].htm
13/3/2020 12:45:44.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 12:45:44.840 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 12:45:44.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 12:45:44.840 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 12:45:44.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 12:45:44.840 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\credssp.dll
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 12:45:45.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 12:45:45.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 12:45:45.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 12:45:45.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 12:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 12:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\ncrypt.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\bcrypt.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
13/3/2020 12:45:45.840 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
13/3/2020 12:45:45.840 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 12:45:45.840 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 12:45:45.840 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 12:45:45.840 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 12:45:45.840 | Open | 1480 | C:\malware.exe | C:\GPAPI.dll
13/3/2020 12:45:45.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
13/3/2020 12:45:45.856 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 12:45:45.950 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 12:45:45.950 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 12:45:45.950 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
13/3/2020 12:45:45.950 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
13/3/2020 12:45:45.950 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\qagentrt.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\cryptnet.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:45.950 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:45.950 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\SensApi.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
13/3/2020 12:45:45.950 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
13/3/2020 12:45:46.43 | Open | 1480 | C:\malware.exe | C:\WINHTTP.dll
13/3/2020 12:45:46.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 12:45:46.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 12:45:46.43 | Open | 1480 | C:\malware.exe | C:\webio.dll
13/3/2020 12:45:46.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 12:45:46.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 12:45:46.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
13/3/2020 12:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:46.231 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:46.231 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:46.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:46.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:46.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 12:45:46.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 12:45:46.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 12:45:46.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 12:45:46.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 12:45:46.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 12:45:46.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 12:45:46.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 12:45:46.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 12:45:46.653 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 12:45:46.653 | Write | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | E0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.653Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.653Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.653Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.653Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AE0F5C59F9FA661F6F4C50B87FEF3A15A
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_C95AFE779A09B6B8C03D47AD8998ACC3
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.668Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.700Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:46.840Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.840Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:46.840Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.75Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.75Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.75Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.75Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.75Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.75Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.75Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.215Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.215Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.215Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.215Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.215Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.215Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.215Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
13/3/2020 - 12:45:47.497Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.497Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.497Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.872Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.872Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.872Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.872Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.872Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.918Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.918Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:47.918Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4644B8874112055B5E195ECB0E8F243A4
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:47.965Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CCD9901CD8DD7EC9341954D5F91CCF2D
13/3/2020 - 12:45:48.200Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.200Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.200Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 12:45:48.262Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5536FC943142E802EDE0D3ED2852D6465536FC943142E802EDE0D3ED2852D646
13/3/2020 - 12:45:48.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hnxyz.zip

Process Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry Trace
Timestamp | Operation | PID | Process | Key | Value
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
13/3/2020 - 12:45:43.762 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
13/3/2020 - 12:45:43.762 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
13/3/2020 - 12:45:43.762 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
13/3/2020 - 12:45:43.762 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
13/3/2020 - 12:45:43.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
13/3/2020 - 12:45:44.168 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:44.168 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:44.168 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:44.168 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:44.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:44.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:44.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:44.887 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
13/3/2020 - 12:45:45.497 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:45.497 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:45.497 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
13/3/2020 - 12:45:45.497 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:45.497 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 12:45:45.497 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 12:45:45.497 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 12:45:45.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:45.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:45.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:45.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:45.950 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 12:45:48.262 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
13/3/2020 - 12:45:48.262 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
13/3/2020 - 12:45:48.262 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
13/3/2020 - 12:45:48.262 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
13/3/2020 - 12:45:48.262 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
13/3/2020 - 12:45:48.262 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob
13/3/2020 - 12:45:48.262 | Delete | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates | DAC9024F54D8F6DF94935FB1732638CA6AD77C13
13/3/2020 - 12:45:48.262 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:49551  ocsp.int-x3.letsencrypt.org.
localhost -> gateway:50043  crl.identrust.com.
localhost -> gateway:DNS  isrg.trustid.ocsp.identrust.com.
localhost -> gateway:50273  edaysch.ru.
localhost -> gateway:DNS  edaysch.ru.
localhost -> gateway:DNS  apps.identrust.com.
localhost -> gateway:59829  isrg.trustid.ocsp.identrust.com.
localhost -> gateway:DNS  crl.identrust.com.
localhost -> gateway:DNS  ocsp.int-x3.letsencrypt.org.

Response
gateway:DNS -> localhost  apps.identrust.com.  answer: 192.35.177.64
gateway:DNS -> localhost  crl.identrust.com.  answer: 192.35.177.64
gateway:DNS -> localhost  edaysch.ru.  answer: 81.177.165.131
gateway:DNS -> localhost  ocsp.int-x3.letsencrypt.org.  answer: 186.192.152.218
gateway:DNS -> localhost  isrg.trustid.ocsp.identrust.com.  answer: 186.192.152.200

TCP
Info
localhost:65191 -> 81.177.165.131:80
localhost:65195 -> 192.35.177.64:80
81.177.165.131:443 -> localhost:65192
192.35.177.64:80 -> localhost:65195
localhost:65192 -> 81.177.165.131:443
localhost:65194 -> 186.192.152.219:80
localhost:65193 -> 192.35.177.64:80
81.177.165.131:80 -> localhost:65191
186.192.152.219:80 -> localhost:65194
186.192.152.75:80 -> localhost:65196
192.35.177.64:80 -> localhost:65193
localhost:65196 -> 186.192.152.75:80

UDP
Info
localhost:49551 -> localhost:53
localhost:55394 -> localhost:53
localhost:53 -> localhost:59829
localhost:53 -> localhost:49551
localhost:50273 -> localhost:53
localhost:53 -> localhost:50043
localhost:68 -> 255.255.255.255:67
localhost:50043 -> localhost:53
localhost:53 -> localhost:55394
localhost:59829 -> localhost:53
localhost:67 -> localhost:68
localhost:53 -> localhost:50273

HTTP
Info
localhost GET apps.identrust.com /roots/dstrootcax3.p7c
localhost GET ocsp.int-x3.letsencrypt.org /MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgRQmIlu5gs%2BpLDXyJWUYIcSFQ%3D%3D
localhost GET isrg.trustid.ocsp.identrust.com /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
localhost GET edaysch.ru /includes/js/martins/hnxyz.zip
localhost GET crl.identrust.com /DSTROOTCAX3CRL.crl

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 97.25%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 92.37%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 80.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 71.34%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.98%
suspicious: True
