Report #9588

  • Creation Date: March 13, 2020, 12:33 p.m.
  • Last Update: March 13, 2020, 2:12 p.m.
  • File: Comprovante_nfe.exe
  • Results:
Binary
DLL: False
Size: 840.50KB
trid: 61.7% Win64 Executable, 14.7% Win32 Dynamic Link Library, 10.0% Win32 Executable, 4.5% OS/2 Executable, 4.4% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: 5e16b4daabb3801bd2a3dab9ce3164d5
sha1: a6beaf7e26a19f61d24d28d480e2b0d1000af387
crc32: 0x79cce683
sha224: 84a1ffd680ce30bda0c08bfd615ccb1021a56ff1a3e8fdb293ca5eac
sha256: ec85173c37d96b6ce833f979a6f24a44f6e5054aea856646d4423e435b2d204e
sha384: 2bc7bd69352ecfa974698d133688b419a665bcb92bc8d5c938a6f697bf70d1d70d344ab5050085526a18f5bbbc306654
sha512: c117d4a7e8f95997587509e72dc75d56472821d428933153286dad3e1867aae0141ca1b204d236e80cd5e4caa858bc56edc31437e683de4dba44b7b97d46e76f
ssdeep: 12288:ytb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaITMP6A:ytb20pkaCqT5TBWgNQ7aQMP6A
Community
Google: False
HashLib: False
YARA
Matches: domain, HasDebugData, CRC32_poly_Constant, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, CRC32_table, network_http, win_files_operation, IsPE32, AutoIT_compiled_script, screenshot, IP, contentis_base64, keylogger, win_token, AutoIt, IsWindowsGUI, inject_thread, anti_dbg, Microsoft_Visual_Cpp_8, win_registry

Suspicious: True

Strings
List
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
Gt.Ht$
WSOCK32.dll
Software\AutoIt v3\AutoIt
COMCTL32.dll
USERENV.dll
VERSION.dll
WININET.dll
WINMM.dll
UxTheme.dll
0.0.0.0
MPR.dll
AUTOITCALLVARIABLE%d
255.255.255.255
SeDebugPrivilege
SeRestorePrivilege
<"t|<%tx<'tt<$tp<&tl<!th<otd<]t`<[t\<\tX<
\Include\
fr-ch
fr-ca
fr-be
This is a third-party compiled AutoIt script.
BACKSPACE
Hebrew
HOTKEYSET
Include
HOTKEYPRESSED
TaskbarCreated
regular expression is too large
invalid range in character class
failed to get memory
closed
number is too big
too many forward references
\ at end of pattern
\c at end of pattern
two named subpatterns have the same name
BROWSER_SEARCH
HKEY_CLASSES_ROOT
TCPSHUTDOWN
BROWSER_REFRESH
AutoIt has detected the stack has become corrupt.
BROWSER_STOP
BROWSER_FORWARD
BROWSER_BACK
BROWSER_HOME
LAUNCH_MAIL
BROWSER_FAVORTIES
HKEY_LOCAL_MACHINE
Line %d (File "%s"):
VOLUME_UP
VOLUME_DOWN
VOLUME_MUTE
] is an invalid data character in JavaScript compatibility mode
LAUNCH_MEDIA
SOFTWARE\Classes\
Line %d:
TCPLISTEN
FtpOpenFileW
SYSTEM\CurrentControlSet\Control\Nls\Language
FtpGetFileSize
FTPSETPROXY
SW_HIDE
AUTOITWINGETTITLE
GETCURRENTSELECTION
TCPCLOSESOCKET
TCPCONNECT
HTTPSETUSERAGENT
GETSELECTEDCOUNT
GETSELECTED
HTTPSETPROXY
WINGETCLASSLIST
CWM_GETCONTROLNAME
Control Panel\Mouse
Control Panel\Appearance
HttpOpenRequestW
HttpSendRequestW
/AutoIt3OutputDebug
mscoree.dll
LAUNCH_APP2
LAUNCH_APP1
WIN_VISTA
SeShutdownPrivilege
SeBackupPrivilege
SeIncreaseQuotaPrivilege
/AutoIt3ExecuteLine
SeAssignPrimaryTokenPrivilege
!"#$%%%%%%&&'()*+%%%%%%&&'()*+,,,,,,--./012RRRRRRRRRRRR3345566789::::;<=<=>?>@ABC>@ABCRRRRRDEFGHIJKLMNO
AUTOIT.ERROR
#requireadmin
>>>AUTOIT SCRIPT<<<
SHELLDLL_DefView
LOCALAPPDATADIR
<requestedPrivileges>
\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
winsta0\default
LOGONDNSDOMAIN
TCPNAMETOIP
USERDNSDOMAIN
TCPTimeout

Foremost
Matches: 0.exe, 840 KB
Suspicious: True
Heuristics
IPs
hasIPs: True
Allowed: 255.255.255.255 (1 record)
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: USER32.DLL, kernel32.dll, mscoree.dll, combase.dll, ADVAPI32.dll, SHELL32.dll, WININET.dll, OLEAUT32.dll, PSAPI.DLL, VERSION.dll, GDI32.dll, COMCTL32.dll, COMDLG32.dll, USERENV.dll, ole32.dll, MPR.dll, WINMM.dll, IPHLPAPI.DLL, UxTheme.dll, WSOCK32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 288768
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 914950
Suspicious: False

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 5
Suspicious: False
Image
Version: 5
Suspicious: True
Linker
Version: 11.0
Suspicious: False
Subsystem
Version: 5.1
Suspicious: False
Suspicious: False

EntryPoint
Address: 155508
Suspicious: False

Anomalies
Anomalies: The Debug TimeDateStamp(s) and the file header TimeDateStamp do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, kernel32.dll, mscoree.dll, combase.dll, advapi32.dll, shell32.dll, wininet.dll, oleaut32.dll, psapi.dll, version.dll, gdi32.dll, comctl32.dll, comdlg32.dll, userenv.dll, ole32.dll, mpr.dll, winmm.dll, uxtheme.dll, wsock32.dll
hasLibs: True
Suspicious: iphlpapi.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2014-10-29 22:06:27
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.data: 1
.text: 2
.rdata: 10

nopsequence
.text: 1

pushpopmath
.rsrc: 1
.text: 30
.rdata: 6
.reloc: 17

garbagebytes
.data: 1
.text: 2
.rdata: 5

hookdetection
.rdata: 3
.reloc: 4

stealthimport
.text: 1

software breakpoint
.text: 4
.rdata: 1
.reloc: 5

programcontrolflowchange
.data: 1
.text: 2
.rdata: 5

cpuinstructionsresultscomparison
.rsrc: 7
.rdata: 8

AVclass: autoit (1)
VirusTotal
md5: 5e16b4daabb3801bd2a3dab9ce3164d5
sha1: a6beaf7e26a19f61d24d28d480e2b0d1000af387
SCANS (DETECTION RATE = 54.55%)
AVG
result: FileRepMetagen [Malware]
update: 20180325
version: 18.2.3827.0
detected: True

CMC
update: 20180324
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=99)
update: 20180325
version: 2017.11.15.1
detected: True

Bkav
update: 20180325
version: 1.3.0.9466
detected: False

K7GW
update: 20180325
version: 10.42.26601
detected: False

ALYac
update: 20180325
version: 1.1.1.5
detected: False

Avast
result: FileRepMetagen [Malware]
update: 20180325
version: 18.2.3827.0
detected: True

Avira
result: TR/Downloader.A.6777
update: 20180324
version: 8.3.3.6
detected: True

Baidu
update: 20180323
version: 1.0.0.2
detected: False

Cyren
result: W32/Trojan.WSOB-0854
update: 20180325
version: 5.4.30.7
detected: True

DrWeb
update: 20180325
version: 7.0.28.2020
detected: False

GData
result: AIT:Trojan.Autoit.CHB
update: 20180325
version: A:25.16495B:25.11872
detected: True

Panda
result: Trj/Chgt.J
update: 20180324
version: 4.6.4.2
detected: True

VBA32
result: Trojan-Downloader.Autoit.gen
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20180325
version: 65508
detected: True

Zoner
update: 20180325
version: 1.0
detected: False

AVware
result: Trojan.Win32.Generic!BT
update: 20180325
version: 1.5.0.42
detected: True

ClamAV
update: 20180325
version: 0.99.2.0
detected: False

Comodo
result: UnclassifiedMalware
update: 20180325
version: 28741
detected: True

F-Prot
update: 20180325
version: 4.7.1.166
detected: False

Ikarus
result: Trojan-Downloader.Win32.AutoIt
update: 20180324
version: 0.1.5.2
detected: True

McAfee
result: Artemis!5E16B4DAABB3
update: 20180325
version: 6.0.6.653
detected: True

Rising
update: 20180325
version: 25.0.0.1
detected: False

Sophos
result: Troj/AutoIt-AVN
update: 20180325
version: 4.98.0
detected: True

Yandex
result: Trojan.Agent.Gen.QS
update: 20180324
version: 5.5.1.3
detected: True

Zillya
update: 20180323
version: 2.0.0.3519
detected: False

Arcabit
result: AIT:Trojan.Autoit.CHB
update: 20180325
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180325
version: 2.3.1.101
detected: True

Endgame
update: 20180316
version: 2.0.5
detected: False

Tencent
result: Win32.Trojan-downloader.Autoit.Swla
update: 20180325
version: 1.0.0.1
detected: True

ViRobot
update: 20180324
version: 2014.3.20.0
detected: False

eGambit
update: 20180325
version: v4.3.5
detected: False

Ad-Aware
update: 20180325
version: 3.0.3.1010
detected: False

AegisLab
result: Troj.Downloader.W32.AutoIt.aeq!c
update: 20180325
version: 4.2
detected: True

Emsisoft
result: AIT:Trojan.Autoit.CHB (B)
update: 20180325
version: 4.0.2.899
detected: True

F-Secure
update: 20180325
version: 11.0.19100.45
detected: False

Fortinet
update: 20180325
version: 5.4.247.0
detected: False

Invincea
result: heuristic
update: 20180121
version: 6.3.4.26036
detected: True

Jiangmin
update: 20180325
version: 16.0.100
detected: False

Kingsoft
update: 20180325
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180325
version: 1.0
detected: True

Symantec
result: Trojan Horse
update: 20180324
version: 1.5.0.0
detected: True

nProtect
update: 20180325
version: 2018-03-25.02
detected: False

AhnLab-V3
update: 20180324
version: 3.12.0.20130
detected: False

Antiy-AVL
result: Trojan/Generic.ASVCS3S.1E5
update: 20180325
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan-Downloader.Win32.AutoIt.aeq
update: 20180325
version: 15.0.1.13
detected: True

Microsoft
update: 20180325
version: 1.1.14600.4
detected: False

Qihoo-360
result: Win32/Trojan.Downloader.1b8
update: 20180325
version: 1.0.0.1120
detected: True

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False

ZoneAlarm
result: Trojan-Downloader.Win32.AutoIt.aeq
update: 20180325
version: 1.0
detected: True

ESET-NOD32
result: Win32/TrojanDownloader.Banload.UTV
update: 20180325
version: 17111
detected: True

TrendMicro
result: TROJ_BANLOAD.EJUN
update: 20180325
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180324
detected: False

BitDefender
result: AIT:Trojan.Autoit.CHB
update: 20180325
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_80% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
update: 20180325
version: 10.42.26601
detected: False

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False

Avast-Mobile
update: 20180324
version: 180324-00
detected: False

Malwarebytes
update: 20180325
version: 2.1.1.1115
detected: False

TotalDefense
update: 20180325
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: TrojanDownloader.AutoIt
update: 20180324
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.AutoIt.dinhjn
update: 20180325
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: AIT:Trojan.Autoit.CHB
update: 20180325
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180325
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Downloader.ch
update: 20180324
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_BANLOAD.EJUN
update: 20180325
version: 9.950.0.1006
detected: True

total: 66
sha256: ec85173c37d96b6ce833f979a6f24a44f6e5054aea856646d4423e435b2d204e
scan_id: ec85173c37d96b6ce833f979a6f24a44f6e5054aea856646d4423e435b2d204e-1521960304
resource: 5e16b4daabb3801bd2a3dab9ce3164d5
positives: 36
scan_date: 2018-03-25 06:45:04
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Timestamp | Operation | PID | Process | Path | Module
13/3/2020 - 13:45:43.559 | Open | 1480 | C:\malware.exe | C:\Secur32.dll
13/3/2020 - 13:45:43.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
13/3/2020 - 13:45:43.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\secur32.dll
13/3/2020 - 13:45:43.559 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 13:45:43.559 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 13:45:43.559 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 13:45:43.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 13:45:43.559 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 13:45:43.559 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 13:45:43.559 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll | api-ms-win-downlevel-advapi32-l2-1-0.dll
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll | api-ms-win-downlevel-shlwapi-l2-1-0.dll
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
13/3/2020 - 13:45:43.606 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
13/3/2020 - 13:45:43.606 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
13/3/2020 - 13:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
13/3/2020 - 13:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\mswsock.dll
13/3/2020 - 13:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 13:45:43.700 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 13:45:43.809 | Open | 1480 | C:\malware.exe | C:\DNSAPI.dll
13/3/2020 - 13:45:43.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 - 13:45:43.809 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 - 13:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
13/3/2020 - 13:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\netprofm.dll
13/3/2020 - 13:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
13/3/2020 - 13:45:43.965 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\nlaapi.dll
13/3/2020 - 13:45:44.12 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc6.DLL
13/3/2020 - 13:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
13/3/2020 - 13:45:44.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
13/3/2020 - 13:45:44.12 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll
13/3/2020 - 13:45:44.12 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc6.dll | dhcpcsvc6.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\CRYPTSP.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptsp.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rsaenh.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\RpcRtRemote.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
13/3/2020 - 13:45:44.59 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
13/3/2020 - 13:45:44.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll
13/3/2020 - 13:45:44.59 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\RpcRtRemote.dll | RpcRtRemote.dll
13/3/2020 - 13:45:44.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 13:45:44.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 13:45:44.75 | Open | 1480 | C:\malware.exe | C:\dhcpcsvc.DLL
13/3/2020 - 13:45:44.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
13/3/2020 - 13:45:44.75 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dhcpcsvc.dll
13/3/2020 - 13:45:44.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
13/3/2020 - 13:45:44.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\npmproxy.dll
13/3/2020 - 13:45:44.137 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
13/3/2020 - 13:45:44.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
13/3/2020 - 13:45:44.137 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\rasadhlp.dll
13/3/2020 - 13:45:44.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
13/3/2020 - 13:45:44.200 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\FWPUCLNT.DLL
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\malware.exe.Local
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 13:45:44.340 | Unknown | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ws2_32.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\WSHTCPIP.DLL
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wship6.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 13:45:44.340 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wshqos.dll
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\credssp.dll
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\credssp.dll
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\schannel.dll
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 13:45:44.575 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 13:45:44.575 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 13:45:44.575 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 13:45:44.575 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 13:45:45.43 | Open | 1480 | C:\malware.exe | C:\ncrypt.dll
13/3/2020 - 13:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
13/3/2020 - 13:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\ncrypt.dll
13/3/2020 - 13:45:45.43 | Open | 1480 | C:\malware.exe | C:\bcrypt.dll
13/3/2020 - 13:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
13/3/2020 - 13:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcrypt.dll
13/3/2020 - 13:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
13/3/2020 - 13:45:45.43 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
13/3/2020 - 13:45:45.43 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll
13/3/2020 - 13:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\bcryptprimitives.dll | bcryptprimitives.dll
13/3/2020 - 13:45:45.59 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 13:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 13:45:45.59 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 13:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 13:45:45.59 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 13:45:45.59 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 13:45:45.59 | Open | 1480 | C:\malware.exe | C:\GPAPI.dll
13/3/2020 - 13:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
13/3/2020 - 13:45:45.59 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\gpapi.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Windows\SysWOW64\p2pcollab.dll | p2pcollab.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\qagentrt.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\dnsapi.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\cryptnet.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\cryptnet.dll
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_E8BA778045934C3C7879AC75FF5434B4
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.153 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.168 | Open | 1480 | C:\malware.exe | C:\SensApi.dll
13/3/2020 - 13:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
13/3/2020 - 13:45:45.168 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\SensApi.dll
13/3/2020 - 13:45:45.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.215 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.215 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.262 | Open | 1480 | C:\malware.exe | C:\WINHTTP.dll
13/3/2020 - 13:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 - 13:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\winhttp.dll
13/3/2020 - 13:45:45.262 | Open | 1480 | C:\malware.exe | C:\webio.dll
13/3/2020 - 13:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 - 13:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\webio.dll
13/3/2020 - 13:45:45.262 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
13/3/2020 - 13:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 - 13:45:45.309 | Open | 1480 | C:\malware.exe | C:\Windows\SysWOW64\wininet.dll
13/3/2020 - 13:45:45.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.372 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.372 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.465 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.465 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.465Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.715Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.715Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.715Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.715Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.715Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.715Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C778746BADA8974A10C4BD62CC921D13E43B18_EE9DB89C3D6A328B5FEAFF0ED3C77874
13/3/2020 - 13:45:45.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.903Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.903Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.981Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.981Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F82CB34DD3343FE727DF8890D352E0D8F
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_E0825B2234E5EAF3FA8B933A4D3C3839
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D57B3BFF6E0B79FBD8CB6482C7775D35
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C07822D66105396A1B8E01486E66C5F3
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:45.997Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:45.997Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.200Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.200Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.200Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.200Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.200Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
13/3/2020 - 13:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
13/3/2020 - 13:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
13/3/2020 - 13:45:46.247Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:45:46.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E1E698CCB2C296D265AC1A253974E09FD_8B810BA14CD35904E3F33080F639609E
13/3/2020 - 13:46:6.293Open1480C:\malware.exeC:\Monitor
13/3/2020 - 13:46:6.293Unknown1480C:\malware.exeC:\Monitor
13/3/2020 - 13:46:6.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\iexplorerupdate.exe
13/3/2020 - 13:46:6.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\iexplorerupdate.exe.exe
13/3/2020 - 13:46:15.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\iexplorerupdate.exe
13/3/2020 - 13:46:15.309Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
13/3/2020 - 13:46:15.309Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
13/3/2020 - 13:46:15.543Unknown1480C:\malware.exeC:\Windows
13/3/2020 - 13:46:15.543Unknown1480C:\malware.exeC:\Monitor
13/3/2020 - 13:46:15.543Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 13:46:15.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
13/3/2020 - 13:46:15.543Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
13/3/2020 - 13:46:15.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
13/3/2020 - 13:46:15.543Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
13/3/2020 - 13:46:15.543Unknown1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui

Process Trace

Analysis Reason: Finished

Status: Successfully Executed

Results: 1

Registry Trace
Timestamp | Operation | PID | Process | Key | Value
13/3/2020 - 13:45:43.606 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
13/3/2020 - 13:45:43.606 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
13/3/2020 - 13:45:43.606 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
13/3/2020 - 13:45:43.606 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
13/3/2020 - 13:45:43.606 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
13/3/2020 - 13:45:43.606 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
13/3/2020 - 13:45:43.606 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix
13/3/2020 - 13:45:43.606 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix
13/3/2020 - 13:45:43.606 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix
13/3/2020 - 13:45:44.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
13/3/2020 - 13:45:44.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
13/3/2020 - 13:45:44.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
13/3/2020 - 13:45:44.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
13/3/2020 - 13:45:44.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
13/3/2020 - 13:45:44.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
13/3/2020 - 13:45:44.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
13/3/2020 - 13:45:44.59 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
13/3/2020 - 13:45:44.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 13:45:44.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 13:45:44.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 13:45:44.137 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 13:45:45.153 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 13:45:45.153 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 13:45:45.153 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 13:45:45.153 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 13:45:45.153 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionReason
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecisionTime
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDecision
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadNetworkName
13/3/2020 - 13:45:45.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D8C667F4-C62D-460A-82E2-EC8687C3DC60} | WpadDetectedUrl
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 13:45:45.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
13/3/2020 - 13:45:45.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
13/3/2020 - 13:45:45.528 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:50273 | s3-eu-west-1.amazonaws.com.
localhost -> gateway:DNS | crl3.digicert.com.
localhost -> gateway:DNS | s3-eu-west-1.amazonaws.com.

Response
gateway:DNS -> localhost | s3-eu-west-1.amazonaws.com. | answer: 52.218.110.155

gateway:DNS -> localhost | crl3.digicert.com. | answer: 192.16.58.8


TCP
Info
192.16.58.8:80 -> localhost:65192
localhost:65192 -> 192.16.58.8:80
192.16.58.8:80 -> localhost:65193
localhost:65191 -> 52.218.110.155:443
localhost:65193 -> 192.16.58.8:80
52.218.110.155:443 -> localhost:65191

UDP
Info
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:68 -> 255.255.255.255:67
localhost:53 -> localhost:55394
localhost:67 -> localhost:68
localhost:53 -> localhost:50273

HTTP
Info
localhost | GET | crl3.digicert.com | /Omniroot2025.crl
localhost | GET | ocsp.digicert.com | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAGC%2BAmOouYmuRo7J4Qfua8%3D
localhost | GET | ocsp.digicert.com | /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTuqL92L3tjkN67RNFF%2FEdvT6NEzAQUwBKyKHRoRmfpcCV0GgBFWwZ9XEQCEAarhzxLUSB32RFdwUUpirU%3D

Summary
DNS: True

TCP: True

UDP: True

HTTP: True

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 97.40%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 95.48%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 72.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 74.52%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
