Report #9848

  • Creation Date: May 26, 2020, 5 p.m.
  • Last Update: May 26, 2020, 5:04 p.m.
  • File: rufus-3.9.exe
  • Results:
Binary
DLL: False
Size: 1.14MB
trid:
  61.2% UPX compressed Win32 Executable
  14.8% Win32 Dynamic Link Library
  10.2% Win32 Executable
  4.5% OS/2 Executable
  4.5% Generic Win/DOS Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: d8b30d4c4dbc07b11573481b58adcd4b
sha1: 38d643ded3b34851884c0c55fbf7ea2bf5c52f9f
crc32: 0x7899918
sha224: 8c5ceb393c53920e0f117d72abae4914fd3de1fd1e7ac64dd6c8ca53
sha256: d761d571bb4dcf5164484f3b573fe1c420444c77176f14d52ae5909d02360c75
sha384: 7039d224d24724e801034dbd203020cbeb8adb6b70faf39cdc8444b5c158aaab92b77c9bd0f7cdd78766f6c2a4420f5d
sha512: 57de5115b8989e8589ce355cc6ffdc74c51ec3d12f68f6cfd53472146c36684b89b9853dce0f2fc8cf82b040ffa76e838f1608b1fd18beac645037cb219b2f07
ssdeep: 24576:ed0dkhseUYQ6WEtCSSIHNZOLCvMCYmqTb77/gtt4q9aM:edgkuenQ6W1HWNZ7vMSqTb7Li
Community
Google: False
HashLib: False
YARA
Matches: UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser_additional, UPX_wwwupxsourceforgenet, screenshot, UPX_wwwupxsourceforgenet_additional, url, IP, contentis_base64, domain, yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, IsPacked, HasOverlay, UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser, UPX_302, UPX, IsPE32, IsWindowsGUI
Suspicious: True

Strings
List
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
https://secure.comodo.net/CPS0C
%http://s.symcb.com/universal-root.crl0
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
https://www.gnu.org/licenses/gpl-3.0.html
https://d.symcb.com/rpa0@
https://d.symcb.com/cps0%
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
https://rufus.ie
HO.Nf
Od.sL
http://ocsp.comodoca.com0
http://ocsp.comodoca.com0
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
5SE.sO
CRYPT32.dll
k.pK
Q.BM
http://s.symcd.com06
L$U.Gh
WINTRUST.dll
rufus-3.9.exe
http://ts-ocsp.ws.symantec.com0;
3.eT^
Heg|3
*.[_
n<Is`qfD
HE&o
HI,E
Ww?rFh
name="Microsoft.Windows.Common-Controls"
E~Qo%Fs$
wH%9E
d%n4a
a"=%sF#
<t+%o
a%iM:
%Fe@u
=%E-'
,~H%e
%eU"M
Ig]%n
<!-- If you don't have those in your app, Windows 10's GetVersionEx() -->
%FheP
sKr%sH
HMWE%E
COMODO RSA Code Signing CA
Eeo:\v
<requestedPrivileges>
support@akeo.ie0
9w.CO`3
rt:\FT
publicKeyToken="6595b64144ccf1df"
v.Om[
GetProcAddress
ExitProcess
E0C0A
ShellExecuteA
VirtualProtect
LoadLibraryA
Ab5E
EdC2
eaC0
EC2d
COMODO CA Limited1#0!
COMODO CA Limited1#0!
COMODO CA Limited1+0)
COMODO CA Limited1#0!
eda1
-.kM
<83"
AWL9;
Rdo^ 3
"COMODO RSA Certification Authority0
:\+
]w[,E>U
GetDC
G_HRO
&oT|
COMODO RSA Code Signing CA0
COMODO RSA Code Signing CA0
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 10 -->
<!-- Windows 8 -->
<!-- Windows 7 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
level="requireAdministrator"
<requestedExecutionLevel
R_YE
ET_M
version="6.0.0.0"
COMCTL32.DLL

Foremost
Matches: 0.exe, 1 MB
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed:
Suspicious:
hasAllowed: False
hasSuspicious: False

URLs
Allowed: http://schemas.microsoft.com/smi/2005/windowssettings
hasURLs: True
Suspicious: http://s.symcb.com/universal-root.crl0, https://d.symcb.com/cps0%, http://ocsp.comodoca.com0, https://secure.comodo.net/cps0c, https://rufus.ie, http://s.symcd.com06, http://crl.comodoca.com/comodorsacertificationauthority.crl0q, http://crl.comodoca.com/comodorsacodesigningca.crl0t, https://www.gnu.org/licenses/gpl-3.0.html, http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(, http://crt.comodoca.com/comodorsaaddtrustca.crt0$, http://ts-ocsp.ws.symantec.com0;, https://d.symcb.com/rpa0@, https://d.symcb.com/rpa0., http://crt.comodoca.com/comodorsacodesigningca.crt0$, http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
hasAllowed: True
hasSuspicious: True

Files
Allowed: ADVAPI32.dll, COMCTL32.DLL, ole32.dll, GDI32.dll, USER32.dll, SHLWAPI.dll, SETUPAPI.dll, WINTRUST.dll, COMDLG32.DLL, KERNEL32.DLL, SHELL32.dll, CRYPT32.dll, msvcrt.dll
hasFiles: True
Suspicious: 5SE.sO
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 45056
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 4096
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 1244648
Suspicious: False

Sections
Allowed: .rsrc
Suspicious: upx0, upx1
hasAllowed: True
hasSections: True
hasSuspicious: True

Versions
OS
Version: 4
Suspicious: False
Image
Version: 4
Suspicious: False
Linker
Version: 2.34
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 3270128
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: advapi32.dll, comctl32.dll, ole32.dll, gdi32.dll, user32.dll, shlwapi.dll, setupapi.dll, wintrust.dll, comdlg32.dll, kernel32.dll, shell32.dll, crypt32.dll, msvcrt.dll
hasLibs: True
Suspicious:
hasAllowed: True
hasSuspicious: False

Timestamp
Past: True
Valid: True
Value: 1969-12-31 21:00:00
Future: False

Compilation
Packed: True
Missing: False
Packers: UPX v3.0 (EXE_LZMA) -> Markus Oberhumer & Laszlo Molnar & John Reiser, UPX -> www.upx.sourceforge.net
Compiled: False
Compilers:

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
none: 1271
.rsrc: 1

pushpopmath
none: 653
.rsrc: 5

ss register
none: 14

garbagebytes
none: 476

hookdetection
none: 42

software breakpoint
none: 31
.rsrc: 1

fakeconditionaljumps
none: 38

programcontrolflowchange
none: 442

cpuinstructionsresultscomparison
none: 8
.rsrc: 4

AVclass
None
1
VirusTotal
md5: d8b30d4c4dbc07b11573481b58adcd4b
sha1: 38d643ded3b34851884c0c55fbf7ea2bf5c52f9f
SCANS (DETECTION RATE = 1.41%)
Engine                update    version               detected  result
AVG                   20200524  18.4.3895.0           False
CMC                   20190321  1.1.0.977             False
MAX                   20200524  2019.9.16.1           False
APEX                  20200522  6.24                  False
Bkav                  20200523  1.3.0.9899            False
K7GW                  20200524  11.111.34187          False
ALYac                 20200524  1.1.1.5               False
Avast                 20200524  18.4.3895.0           False
Avira                 20200524  8.3.3.8               False
Baidu                 20190318  1.0.0.2               False
Cyren                 20200524  6.3.0.2               False
DrWeb                 20200524  7.0.46.3050           False
GData                 20200524  A:25.25731B:26.18848  False
Panda                 20200524  4.6.4.2               False
VBA32                 20200522  4.4.1                 False
VIPRE                 20200524  83964                 False
Zoner                 20200523  0.0.0.0               False
ClamAV                20200524  0.102.3.0             False
Comodo                20200524  32472                 False
F-Prot                20200524  4.7.1.166             False
Ikarus                20200524  0.1.5.2               False
McAfee                20200524  6.0.6.653             False
Rising                20200524  25.0.0.25             False
Sophos                20200524  4.98.0                False
Yandex                20200523  5.5.2.24              False
Zillya                20200523  2.0.0.4096            False
Acronis               20200515  1.1.1.76              False
Alibaba               20190527  0.3.0.5               False
Arcabit               20200524  1.0.0.875             False
Cylance               20200524  2.3.1.101             False
Endgame               20200512  4.0.2                 False
FireEye               20200524  32.31.0.0             False
Sangfor               20200423  1.0                   False
TACHYON               20200524  2020-05-24.02         False
Tencent               20200524  1.0.0.1               False
ViRobot               20200524  2014.3.20.0           False
Webroot               20200524  1.0.0.403             False
eGambit               20200524                        False
Ad-Aware              20200524  3.0.5.370             False
AegisLab              20200524  4.2                   False
Emsisoft              20200524  2018.12.0.1641        False
F-Secure              20200524  12.0.86.52            False
Fortinet              20200524  6.2.142.0             False
Invincea              20200502  6.3.6.26157           False
Jiangmin              20200524  16.0.100              False
Kingsoft              20200524  2013.8.14.323         False
Paloalto              20200524  1.0                   False
Symantec              20200524  1.11.0.0              False
Trapmine              20200505  3.2.25.947            False
AhnLab-V3             20200524  3.17.6.27456          False
Antiy-AVL             20200524  3.0.0.1               True      GrayWare[AdWare]/Win32.ExtGPi
Kaspersky             20200524  15.0.1.13             False
MaxSecure             20200524  1.0.0.1               False
Microsoft             20200524  1.1.17000.7           False
Qihoo-360             20200524  1.0.0.1120            False
ZoneAlarm             20200524  1.0                   False
ESET-NOD32            20200524  21380                 False
TrendMicro            20200524  11.0.0.1006           False
BitDefender           20200524  7.2                   False
CrowdStrike           20190702  1.0                   False
K7AntiVirus           20200524  11.111.34187          False
SentinelOne           20200513  4.3.0.0               False
Avast-Mobile          20200522  200522-00             False
Malwarebytes          20200524  3.6.4.335             False
CAT-QuickHeal         20200524  14.00                 False
NANO-Antivirus        20200524  1.0.134.25112         False
BitDefenderTheta      20200521  7.2.37796.0           False
MicroWorld-eScan      20200524  14.0.409.0            False
SUPERAntiSpyware      20200522  5.6.0.1032            False
McAfee-GW-Edition     20200524  v2017.3010            False
TrendMicro-HouseCall  20200524  10.0.0.1040           False

total: 71
sha256: d761d571bb4dcf5164484f3b573fe1c420444c77176f14d52ae5909d02360c75
scan_id: d761d571bb4dcf5164484f3b573fe1c420444c77176f14d52ae5909d02360c75-1590344532
resource: d8b30d4c4dbc07b11573481b58adcd4b
positives: 1
scan_date: 2020-05-24 18:22:12
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
Time                      Op       PID   Process         Path  Name
26/5/2020 - 16:53:8.138   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.185   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.231   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.278   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.325   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.372   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.466   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.606   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.653   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.700   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.747   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.794   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.841   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.888   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.935   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:8.981   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.28    Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.75    Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.122   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.169   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.216   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.263   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.310   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.356   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.403   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.450   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.497   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.544   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.591   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.638   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.685   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.731   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mctres.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\riched20.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\riched20.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\riched20.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\riched20.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\riched20.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.778   Read     1728  C:\malware.exe  C:\Windows\System32\mshtml.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\ntdll.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\kernel32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\apisetschema.dll  apisetschema.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\KernelBase.dll  KernelBase.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_14556c1e8b95d0b8\GdiPlus.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\msvcrt.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\user32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\gdi32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\lpk.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\usp10.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\ole32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\rpcrt4.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\imm32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\msctf.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\version.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\sfc_os.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\sspicli.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\rsaenh.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\uxtheme.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\dwmapi.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\cryptbase.dll  cryptbase.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\advapi32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\sechost.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\shlwapi.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\shell32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\WindowsCodecs.dll  WindowsCodecs.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\clbcatq.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\oleaut32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\ieframe.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll  api-ms-win-downlevel-advapi32-l1-1-0.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll  api-ms-win-downlevel-shlwapi-l1-1-0.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll  api-ms-win-downlevel-user32-l1-1-0.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll  api-ms-win-downlevel-shell32-l1-1-0.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll  api-ms-win-downlevel-version-l1-1-0.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll  api-ms-win-downlevel-normaliz-l1-1-0.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\normaliz.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\iertutil.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll  api-ms-win-downlevel-shlwapi-l2-1-0.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\urlmon.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll  api-ms-win-downlevel-ole32-l1-1-0.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\wininet.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\userenv.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\profapi.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\apphelp.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\System32\secur32.dll
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  \Device\HarddiskVolume2
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\System32\wow64.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\System32\wow64.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\System32\wow64win.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\System32\wow64win.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\System32\wow64cpu.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\System32\wow64cpu.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\System32\wow64log.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Monitor
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\SysWOW64\sechost.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\SysWOW64\sechost.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\malware.exe.Local
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
26/5/2020 - 16:53:9.888   Unknown  1728  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
26/5/2020 - 16:53:9.888   Open     1728  C:\malware.exe  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
26/5/2020 - 16:53:10.294  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\imm32.dll
26/5/2020 - 16:53:10.294  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\imm32.dll
26/5/2020 - 16:53:10.294  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\imm32.dll
26/5/2020 - 16:53:10.294  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\imm32.dll
26/5/2020 - 16:53:10.294  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\imm32.dll
26/5/2020 - 16:53:10.294  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\imm32.dll
26/5/2020 - 16:53:10.341  Open     1728  C:\malware.exe  C:\Windows\WindowsShell.Manifest
26/5/2020 - 16:53:10.341  Unknown  1728  C:\malware.exe  C:\Windows\WindowsShell.Manifest  WindowsShell.Manifest
26/5/2020 - 16:53:10.778  Read     1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:11.294  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\kernel32.dll
26/5/2020 - 16:53:11.294  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\kernel32.dll
26/5/2020 - 16:53:11.622  Open     1728  C:\malware.exe  C:\Monitor\rufus.com
26/5/2020 - 16:53:11.622  Write    1728  C:\malware.exe  C:\Monitor\rufus.com
26/5/2020 - 16:53:11.622  Unknown  1728  C:\malware.exe  C:\Monitor\rufus.com
26/5/2020 - 16:53:11.997  Open     1728  C:\malware.exe  C:\Monitor\rufus.ini
26/5/2020 - 16:53:12.325  Open     1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:12.325  Unknown  1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:12.325  Open     1728  C:\malware.exe  C:\Windows\Globalization\Sorting\SortDefault.nls
26/5/2020 - 16:53:12.325  Unknown  1728  C:\malware.exe  C:\Windows\Globalization\Sorting\SortDefault.nls  SortDefault.nls
26/5/2020 - 16:53:12.325  Open     1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:12.513  Unknown  1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:12.513  Unknown  1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\cryptsp.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\cryptsp.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.513  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\rsaenh.dll
26/5/2020 - 16:53:12.560  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\p2pcollab.dll
26/5/2020 - 16:53:12.560  Unknown  1728  C:\malware.exe  C:\Windows\SysWOW64\p2pcollab.dll  p2pcollab.dll
26/5/2020 - 16:53:12.560  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\p2pcollab.dll
26/5/2020 - 16:53:12.560  Unknown  1728  C:\malware.exe  C:\Windows\SysWOW64\p2pcollab.dll  p2pcollab.dll
26/5/2020 - 16:53:12.560  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\qagentrt.dll
26/5/2020 - 16:53:12.560  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\dnsapi.dll
26/5/2020 - 16:53:12.560  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\dnsapi.dll
26/5/2020 - 16:53:12.560  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\ncrypt.dll
26/5/2020 - 16:53:12.560  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\ncrypt.dll
26/5/2020 - 16:53:12.794  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\bcrypt.dll
26/5/2020 - 16:53:12.794  Open     1728  C:\malware.exe  C:\Windows\SysWOW64\bcrypt.dll
26/5/2020 - 16:53:13.28   Open     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Unknown  1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Open     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.28   Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.75   Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.122  Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.169  Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.216  Read     1728  C:\malware.exe  C:\Windows\SysWOW64\bcryptprimitives.dll  bcryptprimitives.dll
26/5/2020 - 16:53:13.341  Open     1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:13.341  Unknown  1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:13.341  Open     1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:13.341  Unknown  1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:13.341  Open     1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:13.341  Unknown  1728  C:\malware.exe  C:\malware.exe
26/5/2020 - 16:53:13.341  Open     1728  C:\malware.exe  C:\Monitor\rufus.loc
26/5/2020 - 16:53:13.341  Open     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp
26/5/2020 - 16:53:13.341  Unknown  1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp
26/5/2020 - 16:53:13.341  Open     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Open     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Write    1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Unknown  1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Open     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341  Read     1728  C:\malware.exe  C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Unknown1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Open1728C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
26/5/2020 - 16:53:13.372Open1728C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
26/5/2020 - 16:53:13.372Open1728C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
26/5/2020 - 16:53:13.372Open1728C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
26/5/2020 - 16:53:13.497Open1728C:\malware.exeC:\Windows\SysWOW64\riched20.dll
26/5/2020 - 16:53:13.497Open1728C:\malware.exeC:\Windows\SysWOW64\riched20.dll
26/5/2020 - 16:53:13.544Open1728C:\malware.exeC:\Windows\SysWOW64\gpedit.dll
26/5/2020 - 16:53:13.544Open1728C:\malware.exeC:\Windows\SysWOW64\gpedit.dll
26/5/2020 - 16:53:13.731Open1728C:\malware.exeC:\Windows\SysWOW64\gpedit.dll
26/5/2020 - 16:53:13.747Open1728C:\malware.exeC:\Windows\SysWOW64\activeds.dll
26/5/2020 - 16:53:13.747Open1728C:\malware.exeC:\Windows\SysWOW64\activeds.dll
26/5/2020 - 16:53:13.935Open1728C:\malware.exeC:\Windows\SysWOW64\adsldpc.dll
26/5/2020 - 16:53:13.935Open1728C:\malware.exeC:\Windows\SysWOW64\adsldpc.dll
26/5/2020 - 16:53:14.403Open1728C:\malware.exeC:\Windows\SysWOW64\atl.dll
26/5/2020 - 16:53:14.403Open1728C:\malware.exeC:\Windows\SysWOW64\atl.dll
26/5/2020 - 16:53:14.638Open1728C:\malware.exeC:\Windows\SysWOW64\dsuiext.dll
26/5/2020 - 16:53:14.685Open1728C:\malware.exeC:\Windows\SysWOW64\dsuiext.dll
26/5/2020 - 16:53:14.872Open1728C:\malware.exeC:\malware.exe.Local
26/5/2020 - 16:53:14.872Open1728C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
26/5/2020 - 16:53:14.872Unknown1728C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
26/5/2020 - 16:53:14.872Open1728C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
26/5/2020 - 16:53:14.872Open1728C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
26/5/2020 - 16:53:14.872Open1728C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
26/5/2020 - 16:53:15.294Open1728C:\malware.exeC:\Windows\SysWOW64\mpr.dll
26/5/2020 - 16:53:15.294Open1728C:\malware.exeC:\Windows\SysWOW64\mpr.dll
26/5/2020 - 16:53:15.481Open1728C:\malware.exeC:\Windows\SysWOW64\netapi32.dll
26/5/2020 - 16:53:15.528Open1728C:\malware.exeC:\Windows\SysWOW64\netapi32.dll
26/5/2020 - 16:53:15.669Open1728C:\malware.exeC:\Windows\SysWOW64\netutils.dll
26/5/2020 - 16:53:15.669Open1728C:\malware.exeC:\Windows\SysWOW64\netutils.dll
26/5/2020 - 16:53:15.810Open1728C:\malware.exeC:\Windows\SysWOW64\srvcli.dll
26/5/2020 - 16:53:15.810Open1728C:\malware.exeC:\Windows\SysWOW64\srvcli.dll
26/5/2020 - 16:53:15.950Open1728C:\malware.exeC:\Windows\SysWOW64\wkscli.dll
26/5/2020 - 16:53:15.950Open1728C:\malware.exeC:\Windows\SysWOW64\wkscli.dll
26/5/2020 - 16:53:16.91Open1728C:\malware.exeC:\DSROLE.DLL
26/5/2020 - 16:53:16.91Open1728C:\malware.exeC:\Windows\SysWOW64\dsrole.dll
26/5/2020 - 16:53:16.91Open1728C:\malware.exeC:\Windows\SysWOW64\dsrole.dll
26/5/2020 - 16:53:16.231Open1728C:\malware.exeC:\LOGONCLI.DLL
26/5/2020 - 16:53:16.231Open1728C:\malware.exeC:\Windows\SysWOW64\logoncli.dll
26/5/2020 - 16:53:16.231Open1728C:\malware.exeC:\Windows\SysWOW64\logoncli.dll
26/5/2020 - 16:53:16.513Open1728C:\malware.exeC:\Windows\SysWOW64\dssec.dll
26/5/2020 - 16:53:16.513Open1728C:\malware.exeC:\Windows\SysWOW64\dssec.dll
26/5/2020 - 16:53:16.653Open1728C:\malware.exeC:\Windows\SysWOW64\authz.dll
26/5/2020 - 16:53:16.653Open1728C:\malware.exeC:\Windows\SysWOW64\authz.dll
26/5/2020 - 16:53:16.841Open1728C:\malware.exeC:\DFSCLI.DLL
26/5/2020 - 16:53:16.841Open1728C:\malware.exeC:\Windows\SysWOW64\dfscli.dll
26/5/2020 - 16:53:16.841Open1728C:\malware.exeC:\Windows\SysWOW64\dfscli.dll
26/5/2020 - 16:53:17.75Open1728C:\malware.exeC:\SAMCLI.DLL
26/5/2020 - 16:53:17.75Open1728C:\malware.exeC:\Windows\SysWOW64\samcli.dll
26/5/2020 - 16:53:17.75Open1728C:\malware.exeC:\Windows\SysWOW64\samcli.dll
26/5/2020 - 16:53:17.310Open1728C:\malware.exeC:\Windows\SysWOW64\secur32.dll
26/5/2020 - 16:53:17.310Open1728C:\malware.exeC:\Windows\SysWOW64\secur32.dll
26/5/2020 - 16:53:17.497Open1728C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
26/5/2020 - 16:53:17.497Open1728C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
26/5/2020 - 16:53:17.778Open1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dll
26/5/2020 - 16:53:17.778Unknown1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dllframedynos.dll
26/5/2020 - 16:53:17.778Open1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dll
26/5/2020 - 16:53:17.778Read1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dllframedynos.dll
26/5/2020 - 16:53:17.825Read1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dllframedynos.dll
26/5/2020 - 16:53:17.872Read1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dllframedynos.dll
26/5/2020 - 16:53:17.919Read1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dllframedynos.dll
26/5/2020 - 16:53:17.966Read1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dllframedynos.dll
26/5/2020 - 16:53:18.13Read1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dllframedynos.dll
26/5/2020 - 16:53:18.60Open1728C:\malware.exeC:\Windows\SysWOW64\wtsapi32.dll
26/5/2020 - 16:53:18.60Open1728C:\malware.exeC:\Windows\SysWOW64\wtsapi32.dll
26/5/2020 - 16:53:18.60Open1728C:\malware.exeC:\Windows\SysWOW64\slc.dll
26/5/2020 - 16:53:18.106Open1728C:\malware.exeC:\Windows\SysWOW64\slc.dll
26/5/2020 - 16:53:18.575Open1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.575Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.575Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.575Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.575Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.591Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.591Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.591Open1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.591Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.591Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.591Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.591Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.606Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.606Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.606Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.606Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.606Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.669Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.669Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.669Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.685Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.685Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:18.685Unknown1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp

Process
Trace

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
26/5/2020 - 16:53:12.560 | Write | 1728 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList  (×5 identical rows)
26/5/2020 - 16:53:18.685 | Write | 1728 | C:\malware.exe | HKCU\Software\Akeo Consulting\Rufus | Locale
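The file and registry rows in this report can be worked mechanically instead of by eye. What follows is an added example, not code from the original report or from the sandbox that produced it: the column layout (timestamp, operation, PID, process image, target, and on some rows a fused trailing detail such as `framedynos.dll`) is inferred from the rows on this page, the function names are mine, and the sample input is a constructed excerpt of rows copied from the two traces. It pulls out two patterns an analyst would note here: the temp file `C:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp` is written once and then read back hundreds of times, and `DSROLE.DLL`, `LOGONCLI.DLL`, `DFSCLI.DLL` and `SAMCLI.DLL` are each probed in `C:\` (the directory the sample ran from as `C:\malware.exe`) immediately before the `SysWOW64` copy is opened. That second pattern is the Windows loader walking its normal DLL search order, application directory first; it is only a hijack if that directory is writable by an attacker, so it is a check to run against the real install location rather than evidence against the sample. Registry targets are kept whole because the value name is fused onto the key and cannot be split mechanically.

```python
r"""Parse the fused sandbox trace rows shown in this report and summarise them.

Added example, not part of the original report or of the sandbox that produced
it. The column layout is inferred from the page: timestamp, operation, PID,
process image and target run together with no separator, e.g.
    26/5/2020 - 16:53:13.341Write1728C:\malware.exeC:\Users\...\RufDCCF.tmp
and some rows carry a fused trailing detail column (...\framedynos.dllframedynos.dll).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ROW_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} - \d{2}:\d{2}:\d{2}\.\d+)"
    r"(?P<op>[A-Za-z]+?)(?P<pid>\d+)"            # Write/Read/Open/Unknown, then PID
    r"(?P<proc>[A-Za-z]:\\.+?\.exe)"              # process image ends at the first .exe
    r"(?P<target>(?:[A-Za-z]:\\|HK[A-Z]+\\).*)$"  # file path or registry key
)
# An extension followed directly by a letter: the detail column was glued on.
DETAIL_RE = re.compile(r"^(?P<path>.*?\.(?:dll|exe|tmp))(?P<detail>[A-Za-z][^\\]*)$", re.I)
# A DLL directly in a drive root, i.e. the sample's own directory (it ran as
# C:\malware.exe), which the Windows loader searches before the system directory.
ROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.dll$", re.I)


@dataclass(frozen=True)
class Record:
    ts: str
    op: str
    pid: int
    proc: str
    target: str
    detail: Optional[str] = None


def parse_row(line: str) -> Optional[Record]:
    """One fused row -> Record; None for headings and other non-row text."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    target, detail = m.group("target"), None
    d = None if target.startswith("HK") else DETAIL_RE.match(target)
    if d:
        target, detail = d.group("path"), d.group("detail")
    return Record(m.group("ts"), m.group("op"), int(m.group("pid")), m.group("proc"), target, detail)


def parse_trace(text: str) -> List[Record]:
    return [r for r in map(parse_row, text.splitlines()) if r]


def op_counts(records: List[Record]) -> Dict[str, Counter]:
    """Per-target histogram of operations (Write/Open/Read/Unknown)."""
    out: Dict[str, Counter] = {}
    for r in records:
        out.setdefault(r.target, Counter())[r.op] += 1
    return out


def search_order_probes(records: List[Record]) -> List[Tuple[str, str]]:
    """(root probe, system copy) pairs: the same DLL name opened in the drive root
    and then under another directory. That is the loader walking the DLL search
    order; it only becomes a hijack if the probed directory is attacker-writable."""
    opened: Dict[str, List[str]] = {}
    for r in records:
        if r.op == "Open":
            opened.setdefault(r.target.rsplit("\\", 1)[-1].lower(), []).append(r.target)
    pairs = []
    for paths in opened.values():
        roots = [p for p in paths if ROOT_DLL_RE.match(p)]
        others = [p for p in paths if not ROOT_DLL_RE.match(p)]
        if roots and others:
            pairs.append((roots[0], others[0]))
    return pairs


def dropped_then_read(records: List[Record]) -> Dict[str, int]:
    """Targets the traced process wrote and afterwards read back, with the number
    of reads that follow the first Write (drop-then-consume pattern)."""
    written, reads = set(), {}  # type: ignore[var-annotated]
    for r in records:
        if r.op == "Write":
            written.add(r.target)
        elif r.op == "Read" and r.target in written:
            reads[r.target] = reads.get(r.target, 0) + 1
    return reads


# Constructed excerpt: rows copied from this report's file and registry traces.
SAMPLE_TRACE = r"""
26/5/2020 - 16:53:12.560Write1728C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
26/5/2020 - 16:53:13.341Write1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Open1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.341Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.356Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:13.372Read1728C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\RufDCCF.tmp
26/5/2020 - 16:53:14.872Open1728C:\malware.exeC:\malware.exe.Local
26/5/2020 - 16:53:16.91Open1728C:\malware.exeC:\DSROLE.DLL
26/5/2020 - 16:53:16.91Open1728C:\malware.exeC:\Windows\SysWOW64\dsrole.dll
26/5/2020 - 16:53:16.231Open1728C:\malware.exeC:\LOGONCLI.DLL
26/5/2020 - 16:53:16.231Open1728C:\malware.exeC:\Windows\SysWOW64\logoncli.dll
26/5/2020 - 16:53:17.778Read1728C:\malware.exeC:\Windows\SysWOW64\framedynos.dllframedynos.dll
26/5/2020 - 16:53:18.685Write1728C:\malware.exeHKCU\Software\Akeo Consulting\RufusLocale
"""

if __name__ == "__main__":
    recs = parse_trace(SAMPLE_TRACE)
    print(f"{len(recs)} rows parsed")
    for root, system in search_order_probes(recs):
        print(f"search-order probe: {root} -> {system}")
    for path, n in dropped_then_read(recs).items():
        print(f"written, then read {n}x: {path}")
```

Run it as a script to see the summary for the excerpt; to process the whole report, replace `SAMPLE_TRACE` with the full trace text pasted from the page. The `.exe.Local` row shows why the detail split requires a letter after the extension: `C:\malware.exe.Local` is a real path (the DotLocal redirection directory the loader checks), not a fused column, and it is kept intact.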

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: False cancel

Deleted
Identified: False cancel

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 93.42%
suspicious: True check_circle

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 64.08%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 51.00%
suspicious: False cancel

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 52.57%
suspicious: True check_circle

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.98%
suspicious: False cancel
