Report #10521 check_circle

Binary
DLL
False cancel
Size
306.50KB
trid
55.8% Generic CIL Executable
21.0% Win64 Executable
9.9% Windows screen saver
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
06a4600d2cf671ae25307856c7ebc6c3
sha1
8f9dfe69fd80fa80a26604b98b788cc51adc6806
crc32
0x57e35cca
sha224
754f3183c4bc0034f81f8d51d945e90097f94c8e2dd223c924284550
sha256
cfc7ac63065aa877873bcb233adb467a76494e35256575a9f964fff6c71b411c
sha384
eae7891d3da6de70326e7837b14cc2300be5dd53406e36cba7196e3204207b88aaae5f83931339eb5a1d5075f6667a5f
sha512
1c0acad5cc6130617ee1e928b33e9ecbc567533e90ec9de854ca4231c133f29d15264e5bd5259fbdc4c1a50ca8907c18f9ad0ac4fe53747890cc22a3ae1b25b3
ssdeep
6144:Lafc83TP4PPPraPM8SL9AlQX5Tw9VsjVKZzCap0I:YcUTP4P2kVL6lQX1w9eAzCap/
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True check_circle

Strings
List
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
jaccesswalker.Properties
WukSahvSY+fDO9yR34nLogVaG6PAixnxTzAj2WdukigCKIjwfRJqPfkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5DYEPQ8zXQhym4ISW5ijPkHQan+8J6qt3+RLdQO2KzJhZy3oAoLbTV7iEMU2H55gAB1ryp+nn8Y2uw1zHkvwTHem/7kxRVQxMDMCdLKy0Rs9ewTHGdydPIYQNb51rmvlC5SRmRz1ukdMTvoWm96hnkJ6Kbmw4uFhvBOu/3Hz9tj/5CdhrK1nYedpchTwVsvU5gGur82+DHXvodQQQ0AnWVMcFEj+lDbDycDOozMp+452T5N6dMD08KvIKttfGAbXGwsKrWsUg22KJ38SXDdpb+0zOJpZoxNJ7+QnYaytZ2Hl8D/TXTOLHbN9CGMM0S8uQ6EnIYBIMSD75CdhrK1nYeXNdDvclG7HmlbIZjuwxQp5hkz0qo4f2rS7ihAetK377YZM9KqOH9q35CdhrK1nYefkJ2GsrWdh5HY6NO+09H9Bom/IUE1QM6ims+e3VVRM/+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5VA44tmj2S6+JAeZqQpQ5yju1boIf0QMImwbLgSwb7pL5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5mlAFuuqI+j75CdhrK1nYefkJ2GsrWdh54DAEiwTSHZf5CdhrK1nYefkJ2GsrWdh54uZxmNR0PQQWOv05ghf5FOzqMLMHpUKhd0a9HlhN/c+B4UEP6YEdFvkJ2GsrWdh5+QnYaytZ2HmHHL/bGIzLLkN5+uTtSdWpW+kk92haeCeWjZkEWbDGPcM73JHficuixufmNtvMmcf5CdhrK1nYefkJ2GsrWdh5xufmNtvMmcf8fITz/TaFUeWAgo7cx06vVA44tmj2S6/oSchgEgxIPgnjLHtup3br+QnYaytZ2Hn5CdhrK1nYecbn5jbbzJnH39NBuNb8++f5CdhrK1nYefkJ2GsrWdh53IbuDN8Yn6L5CdhrK1nYeUF12KCvHTG7W1hV1xK9LAhTLkksp2lPw45lX8MntaOwt6cAmBjUk7zsb/zyWUIPlvkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2HmMK3Ck49ed16Myl57UQEudvI53aKsY5SzeUhtXSTWjn/KX3EavPqsJ9Lg56Tpt67Tw48RABl12buubowKTuW28fVNcg5xAliszZ/m0Ti8GpFQA0r/0zjRlLCsey9EZWiEtwL7Hb2sac4DyCD2gZC7Y/TJvySL08Dx0TXWk7hCjJhXpUKVqSjS7F27+t9f7YNetFwpzTuP1rbqRC0PlULX8Y/+ScvZL3xOkyb7O9nvF55MmCVHeTFn42gpgPqFwOKEWQ0gd3slEreaXrnFIUH8Gbp8iW/Z756+sW//BOjYfhucWNEZ34JSbe9UwULAKxcohsOx+VTFjZ32BeJPGFyegmbmPAyg/rD081U0zbebW99kYKWFM1PmPBZdwK0rLAzgXh/8bPckuImJXbN1uukKsfBfw/YxUZBf39rpxcpL8Vd5SjOm4MoSnyxTZ16EYXCj1NiLOAtLjkqLaqhI/vU15654jcxON+fHAdhxs3EXx+AfiNjdobxYtBCCWC+1S7GMHCpIJzb+7hLV6YqiBm97WdspJlulAOVy1emKogZve1rEC1wY/zKMnVO5V5aei7hY9jHvLUKUN87PaXGETEmXJ9hj0pAK/EB0NjoOorHB0tUXVa1vT58rl7D4J01u8e/ckhEDOmL4Uam9iLh8KDk6IXCiag3gZG7IoXSSHD4+e9adAkxaUZv+lgxPpZovN4wtFdHsUYXIJPEa6SAimPhzfvNIoXUoA6oYIPerSDdBXoTuZxZTjkONMTxznXJYOhlrwyZQ7H4+Dy5dC9h/2FWkWhXhspGinbi6cDIoV0udDHxlRFkBqAOUoIKzEGOnBK1US4HQ1zjfwUsRveO7ouWz63JHiQB5m4tx9JGAVFy9nXn0nnnXhXz/HIOe2VKJMqGsLKeDJ7aXL5+fWYRCNABmHqi3InVQOUm8FqPojxjU86qfsX1WN8mbrmERr2pUFdW4QqZARaov41z4HAnL/ND5qnhhEq4AL2BYPHvkDPE0jdd/Vn1IKi4Z0Ctc9ZUhZewbu2tCPhl7btEYvS5DyABT2u/OSBzr6d9GtGvSdExLSaIDLipSiqByO7AqJh/LgkGaB+fZozu3k2UvYEf1Nur6I42YlQojMkoWov/UWFwM+4w2GTg7y34FzPUH7aQofICDy4fCITOzWiGokqzohNSetVwBgirGPtGji/HV9xdNZ1jVj67K5eOQsSTaAA2bTIY2B4uGRuDegR/V95o76hzIcbiDwnH4iUII06o92OFNUOYjc/h01zEvCoEjhifYcQU9kUD+YUh9wBx7FmaN37CAQ4uwM6ybJ3twdp3a/vI6LWPyErzGoQivaENXa5o3mTgZBAw6t0g5+11rKZGufxc+YOp3bgIT+VqGkS+gdDTWKFKBUZz5W4SqCLh6RaSZN14tOS0cPhRtInLwDolG7m+QoZMSvxRxWowyCPdqSAxH0yhDV2uaN5k4GvMPa47TblmJaymRrn8XPmNgKfOe8zZZBpEvoHQ01ihQBRBHMHCbbNC4ekWkmTdeLTktHD4UbSJyDwSjACe84dWTEr8UcVqMMyduBBgtf6pIQ1drmjeZOBlPzIeWWodqwWspka5/Fz5g8cWyKh/56MKRL6B0NNYoU8in+boK8uokuHpFpJk3Xi05LRw+FG0icbCz1ivE1NGpkxK/FHFajDAnLXAkm915xENXa5o3mTgYAOTLFqNemB1rKZGufxc+Yrl2HLVhNHo6kS+gdDTWKFEAge0Jkp4FCLh6RaSZN14tOS0cPhRtInDxUm3zZu6FnJ1EMUBGLzLh4z5cCR+I/UXq+kg1RYX6DAYo7pexv4ghjggXhMNL2iBasE2EmAZiCfQgx4mRay5CxvfRDxyGzqCogKBsc9wJaA2E0anZYVKDULAwlhzVLqs3KLS8oKAw1o/f047cVAP94z5cCR+I/Uf68tUH+K2LWxRxkyVprjS4YyHUs0c5s9enBxX/bBNAZWXBOaVXmTlnht7tl/Be0zBGaW9uIg8YmLaVNialdnLP9HU9FiaygoSxUrt85sUf/+NGx0V9wKtELLa6AqnM8z9kNP77Pl4QKpqYZV6gdBV+3W1p9KK9xmfEj2C3zsNbfzcotLygoDDWj9/TjtxUA/+G3u2X8F7TMaV2XC2DxGirFHGTJWmuNLlVR2JSit1OsNQWqN9cTNGpZcE5pVeZOWeG3u2X8F7TMfo9xZLoqkMfFHGTJWmuNLgYHVWT3OBni8hiZ7k4luVb9HU9FiaygoSxUrt85sUf/+NGx0V9wKtGJoGwSSHCSizmJwdgbywZjpqYZV6gdBV98OwMD4g5soPEj2C3zsNbfzcotLygoDDWj9/TjtxUA/3UPOVMjxgULaV2XC2DxGirFHGTJWmuNLgYHVWT3OBniNQWqN9cTNGpZcE5pVeZOWXUPOVMjxgULfo9xZLoqkMfFHGTJWmuNLrExLtNHT8lP7sxM+3e1I0Aq9015FjKFmGVwIeAEyNFA8j7DQsL2pFiM0Hzq4g4j32dHtwS7yW3SJsMwsPelJCD40bHRX3Aq0WX4eBwc7gM/+aMCu8RsMiAlSeVd1rxaocUcZMlaa40usTEu00dPyU/FZAma3shvphy5+6M6hWEQQ+0oM86hcsT5oCLDb1KANMUcZMlaa40usTEu00dPyU+fX7cbciYHuA6ixpA1mdkiwY0n3jUpbxJ/42+yrB5ENV9bB51+Veq0RaNCsMSLIqXFHGTJWmuNLumFGczFaRHjwUpUWZV5I8OhvBnRX2MonUaCEBz69+cm50LWNedLCXu8vrva9pxyS+KzAP1EBQ2Vxcafo54IYj8zrAR3jcEJp5JJHSrSlIZl+NGx0V9wKtEM96vmP1B4GdkNP77Pl4QKGlv1A/0rBBozrAR3jcEJp/p7ChkjVGLs+NGx0V9wKtEk9Ob1Pd3AAygf5+Twb5OYxf49aWHOj/DTutIhiZwtVBNl1f1finanrX/ZCc18cRZMGBqr2IuGgcUcZMlaa40ui4AJhnFDg/YrhEzroL+yUuKzAP1EBQ2Vxcafo54IYj/bzjoOKCi5YZJJHSrSlIZl+NGx0V9wKtFKLh8gOW83wdkNP77Pl4QKGlv1A/0rBBrbzjoOKCi5Yfp7ChkjVGLs+NGx0V9wKtFvFhwnHi0Ksff5CUMG8cOF7l+NvIDkFfQBijul7G/iCGOCBeEw0vaIDyAcN42iOhe1Ju51H2axX7G99EPHIbOofZrXA4bBz26SXrK1CqWhTCyJwSpvpmBvzcotLygoDDWj9/TjtxUA///g+b9+1qYWaV2XC2DxGirFHGTJWmuNLr/sLwLqVIBYNQWqN9cTNGpZcE5pVeZOWf/g+b9+1qYWfo9xZLoqkMfFHGTJWmuNLo2ITwiFZQFk+9Tqg1Ec5MP9HU9FiaygoSxUrt85sUf/+NGx0V9wKtGApVzSo5s7zfChcAglh8TYpqYZV6gdBV+ORKKOf1xTY/Ej2C3zsNbfzcotLygoDDWj9/TjtxUA/yKTPMdRQjwMaV2XC2DxGirFHGTJWmuNLo2ITwiFZQFkNQWqN9cTNGpZcE5pVeZOWSKTPMdRQjwMfo9xZLoqkMfFHGTJWmuNLjE+ensWhZXv+qKQjA8zX4LvXN7+vLVehGVwIeAEyNFA8j7DQsL2pFjUj3S4YfD++AhEA5+f+uT1JsMwsPelJCD40bHRX3Aq0bwv2XAyQ+dp+aMCu8RsMiAlSeVd1rxaocUcZMlaa40uMT56exaFle/FZAma3shvpqhF7V+cInf2Q+0oM86hcsT5oCLDb1KANMUcZMlaa40uMT56exaFle+fX7cbciYHuBqxTtxQBAu0VTZJm4dZkXHJFTCgkMa23F9bB51+Veq0RaNCsMSLIqXFHGTJWmuNLjRUozO8NujPdhFGg5wBDPqhvBnRX2MonYICrPFgRELG50LWNedLCXu8vrva9pxyS+KzAP1EBQ2Vxcafo54IYj8IOpdjei2ohpJJHSrSlIZl+NGx0V9wKtGNyQIkM7/bVNkNP77Pl4QKGlv1A/0rBBoIOpdjei2ohvp7ChkjVGLs+NGx0V9wKtHFjLeiwgVRi/f9y1HtvdKVXu12GtLEhCABijul7G/iCGOCBeEw0vaIJ+TcYSFYS/8OokeaQDTg2bG99EPHIbOoF1XAAgaya27ilJhXb0qRjJ1BBGkp2ybc/BMr3rG6zJX40bHRX3Aq0Te/BbZ+9iXGIH099NgkeOvh960jSh84dRMmQSYmS99HO/Dm8pTvCdj40bHRX3Aq0Te/BbZ+9iXG0BURrYM/J2pqPxCptCuciQmiNPhfNncLhR66ecozUrT9HU9FiaygoSxUrt85sUf/+NGx0V9wKtEqEKJHqErA77Iko61iUGoipqYZV6gdBV9c033GvuSduLO/+q60jwZB5ZtBdgUw/FAlSeVd1rxaocUcZMlaa40u8yfwerjXKVDFZAma3shvpkAFTjGTpjPcQ+0oM86hcsT5oCLDb1KANMUcZMlaa40u8yfwerjXKVCfX7cbciYHuEo1BaSJDCFxr2AUuDI9Qc9y0PTU16kw/l9bB51+Veq0RaNCsMSLIqXFHGTJWmuNLnx2sJ+COPg7ks6tK3epSXOhvBnRX2MonZAxW1E40r8fh9oE8hOqNKe/MSTeEENkNaYKlbCiNFrTSjUFpIkMIXGnXxJznDPixEFaFy24HsWDnGPGn7U8EBAKGldJ/tAOjKpaM+xK5+oASjUFpIkMIXGnXxJznDPixIWJkrdjyyinFf+l0tjkOhygc0dCX27itARoFW2JMI8Sxf49aWHOj/DTutIhiZwtVBOoTonkv66tj/DNM/L7q+guBrkfBTa4dcUcZMlaa40uhZsqR+zgUN+yuMnoZq/Hgp1BBGkp2ybc/BMr3rG6zJX40bHRX3Aq0aYYIn+QsuRAIH099NgkeOvCK5PSTi3dEBMmQSYmS99HO/Dm8pTvCdj40bHRX3Aq0aYYIn+QsuRA0BURrYM/J2pVEX8w771SqS6t2n9dMG7QKevrWWWuOooBijul7G/iCGOCBeEw0vaIKiOAlb58r9vYMdYXisN2brG99EPHIbOok2n3BSnmzriSXrK1CqWhTCyJwSpvpmBvzcotLygoDDWj9/TjtxUA/1URfzDvvVKpaV2XC2DxGirFHGTJWmuNLgNpCB+H+2HWNQWqN9cTNGpZcE5pVeZOWVURfzDvvVKpfo9xZLoqkMfFHGTJWmuNLrK/hbYIHkKSAEYrF+6kQ1fMBl3Soxps/GVwIeAEyNFA8j7DQsL2pFhZtWyMALIqapGP+hv1ereGJsMwsPelJCD40bHRX3Aq0b/FrO5T81UH+aMCu8RsMiAlSeVd1rxaocUcZMlaa40usr+FtggeQpLFZAma3shvpvBWmJX42BRWQ+0oM86hcsT5oCLDb1KANMUcZMlaa40usr+FtggeQpKfX7cbciYHuNWAEb9hfVHi+UMsuaH1qNa1QofQBEEu6kNN6w0EW5goRaNCsMSLIqXFHGTJWmuNLlyi/UY80ynDsCcuqMkBgDShvBnRX2MonQzLFBY0Y9iF50LWNedLCXu8vrva9pxyS+KzAP1EBQ2Vxcafo54IYj/YGGZjM/pj/pJJHSrSlIZl+NGx0V9wKtG+exmFeLSwfNkNP77Pl4QKGlv1A/0rBBrYGGZjM/pj/vp7ChkjVGLs+NGx0V9wKtEpJhYNwfQlmKskBowMmrD2EPKOA8gAsjUBijul7G/iCGOCBeEw0vaIBQUiorlvCP1wONEUKf/CNrG99EPHIbOoAA5JKjqkQo2SXrK1CqWhTCyJwSpvpmBvzcotLygoDDWj9/TjtxUA/5GkxzOr3c/WaV2XC2DxGirFHGTJWmuNLjWLyf8JI27INQWqN9cTNGpZcE5pVeZOWZGkxzOr3c/Wfo9xZLoqkMfFHGTJWmuNLvciGeiUmRZeFaTN8WF5kzC5P+0IHYuiOyxUrt85sUf/+NGx0V9wKtEnREvmYDgqLlXfbDjlJGd+pqYZV6gdBV9+I1T5/56YMLO/+q60jwZB5ZtBdgUw/FAlSeVd1rxaocUcZMlaa40u9yIZ6JSZFl7FZAma3shvpvVoHQWtB6+/Q+0oM86hcsT5oCLDb1KANMUcZMlaa40u9yIZ6JSZFl6fX7cbciYHuNQaY/PF9p93ufeqGc74ax1cfvY+EBDw4WVwIeAEyNFA8j7DQsL2pFh/tCnjDMgfZ4CS3VI5L556JsMwsPelJCD40bHRX3Aq0aI0E/5seHKNHbIrJxIM/Q6/MSTeEENkNaYKlbCiNFrT1Bpj88X2n3enXxJznDPixEFaFy24HsWDau3vCO5pKFoKGldJ/tAOjKpaM+xK5+oA1Bpj88X2n3enXxJznDPixIWJkrdjyyin+5tgaLWyHxjd5GuhgdW2QhWygRWtrbuRPzwjeicmVF7/AWCORXnYs96joPHGO68mg3mciBV667xu2DVYk4XoF4BWh7l5/DMwPpJ018zDRpnr0u8CDXfOsT7/tz9F1ckhiCTY5j6cuIH0Rawu6/k0vyw8AMfRcgQ81y9kEDM/+vh1aEsC4pkV271ED+EOPvAATiqx48RhicyFmypH7OBQ3zo8qwtufQ1PbzUhH7wsG8x3Lc+9k91Vfm9GEnEkooooxRxkyVprjS4IQdpdak4OlAUFIqK5bwj9Y1P8aXauva/r0u8CDXfOsT7/tz9F1ckhWnnISAa+kiz0Rawu6/k0vyw8AMfRcgQ8WCGY6YTEwPB1aEsC4pkV271ED+EOPvAATiqx48RhiczzJ/B6uNcpUDo8qwtufQ1PbzUhH7wsG8yoOhWrzdXFV29GEnEkooooxRxkyVprjS4IQdpdak4OlDOsBHeNwQmnY1P8aXauva/r0u8CDXfOsT7/tz9F1ckhg34f+dKvLE70Rawu6/k0vyw8AMfRcgQ8uzv43ptlY291aEsC4pkV271ED+EOPvAATiqx48RhicwGB1Vk9zgZ4jo8qwtufQ1PbzUhH7wsG8yDIOyGkq5SxG9GEnEkooooxRxkyVprjS4IQdpdak4OlCQnPttGP8HtY1P8aXauva/r0u8CDXfOsT7/tz9F1ckht7oDR5tjLnv0Rawu6/k0vyw8AMfRcgQ8FOBCtvHEeRV1aEsC4pkV271ED+EOPvAATiqx48RhicyLgAmGcUOD9jo8qwtufQ1PbzUhH7wsG8xk9akARNgXg29GEnEkooooxRxkyVprjS4IQdpdak4OlBasE2EmAZiCY1P8aXauva+leydxVmq08Xjii256VFhcUb7iZrnXDsBuWtI5OgldgwiIdLd61GA3R1sZ0ewfpFBmTsm8G9FmgLe0kFmLPOccs9CTwWPOzaCmphlXqB0FX646sz/9EIemqloz7Ern6gCbbA+wtAL1FiEom4eXAU8R9h0N+63n6iNEwdnHWlRUqosM8RcwKCWNxRxkyVprjS5Zc+wZJL2pzkpS1RAE213o4vK3lZmW/47BI4uxG39WsZaIaX5+22IIwhqhJwaMZa9v+gjHP/Dsvz8fmUBx83avah25IlfCJEAofsXfYcontRFH44Jns9GPqT4uyJkeIXIDO9cs2NGAjzK3TXNDljjZb6bt4PfQgIaSMKjrNvmxwpPxK4Ee9EuDLuKEB60rfvtr6aqjjscKRJ/6L76D1IILnl/pSRE3GoqT9Xk+EL9aIwTjgdCnKujxoKwDVySTTRnirty0ONMF1GMS7jOKPBd+yz5NO09CjhWWRLXllxRk+ZOZyK5V7cPSvNIoXUoA6oaF46Vz1uPuyp44YrBO7aYnQLK8A3CRKn2oPERcG5DBascFEj+lDbDyvfbiicYkVOjDO9yR34nLop140pvGKU7z9NFKitK+7bYIY/UUAL2QKRFB+zt8hRIvzAkGFJ4+reAT3tVZZ4gvzG+Xk7oubtHAjetvbsiLAX07a/G668CthOFy3gUFbO9PWEyePEDVourPYx7oc8b2eYR4uXsQ4HjAHouGm5+tAJF2Uj3B5GHAUzD3fS1PVoi4JxbJuQQHYtMVeCGup2ZuYBYnezsczZ+xr1ceF98/Wk5BVwt1/U/8+COMU41bkZGqCf66l1DAL/Kul5b5VCzmMamC28KO8yXFBRU+Lsb/HMBD8CN9SKs7SZ7zGY8OlYV1+Kmkgj2X6wcfwC53AjMw7ZUNYkiJf8I5OM2+iE1qXLzNDWDnASyyG8cmD6qNJWeIjY59vI9I5J+pr0Q5PWKVSrg1Xy1dJt6eIRQ+lTq6KX0RCFJRJNT6BGQEstBcyl8MPqVa+vkbsMs6dyYDqxRoXfRX7Y6xaGtRbCHO8h8E3oQdVqoJagVs3t9b+7ho1YfSmiljxWirQEv2HdHk+WVLziVf0L6NXVsV1eSDHieca6juNqo1xphjd3SBNzouMRk8uzOColf3Y6GOFgnDC18Pkq0TzYlg3sRT+Tq7IUmmy59r5GEXwn6o04OJgvM+kNddFxQqEnekh6fsF6kmyUH9+SOiqfqn2Jds/WKP7/K6ALrDytkKu8MrotFHYZRqGcyqRpTRJkuNESdSRuZhBv9ot3Gi/30jUaijjmVfwye1o7AZeYurZ4PtVRHCeek1Z+R0PI9OvoXNd3G2JI2RsXJa5YHY7MA1oePTCI7WRGr/lm8nx7Z+dXaDY2SgxvMTnVo6DSwx6PTHC3GaMw5IEs9I968LmLKj9vZO25QoIbdPRwLVrzkezxkFGQocc75UwrOlwNQ0JRnWZIeEj7I/1+iqk7NfjsqtODUBTAg0cxSNRKkkmxe2eo96lYsC82Q9c9a2VkknyAj0snyEj7I/1+iqkxLm7BjGH+BUbgMb7B8LovVt11Ejf0/Pe9R4YoNhesvkNfLX+BRpvvyEj7I/1+iqk2UCZgt4ZoKaeBN87Xv/YcYVW7M302rp0Bp9tke19llmZmYuwj/zoEtnvy8y6ET51pi6bUaAawezrDeNydOrkfqLNeY7HXfAZEnlWf3uilL8fdj2P6VMJk3Tr2ARI9FzAwEOCs0htV5qSYjKcnAc9VSW1JDoajBVwKW72SOL1x9T4udboUjfyvbwkHJlp+DQmSkERboS8Ev9kXhZJi+2BFRNbNVXCWJvQlnsaXaVH5MUB4vi1+0dO+ozm9hnmxhlMoLEO8cddHKcpb+Rmaz0tvT6yz7VVIOWie7OJwkITMeJ37FKQZefHV/D1Pg2F/HFWXPL5pW5G9d/51AATrr1vj0hVJYCZdOP0NlX0Q8Da2WdnD4k+iMJrAchU9LdEvTh3DcVze9WfdiLjEmwSHr3u3pRSqgSIwL2s3XjRydTxUo2d9mSrultnEPtOn5saJXx3Lxoh2CzZSa3xIvyD6oOFheq9hqcONX6bHo1FtKtnodk2PYDSp30glAD95vEJosjn4Go/2TqiLmyU5PUMtUM1vJG7fnldVFpbjaOmmu1ak+AbZKem56RdBsD95vEJosjn4cXHXXJC+tWLZcT0OXwvP1UN4yQOBdt1Le4LgmyGwdmpPvz0KweJLtoYVQi1OHVlmNwUtK33ckPMaTqL838x2H7EDwXFyGnaAn+OVXTgbgSORkdam7K3QgNVlKGR8p9cQ20QxzE+OQlcSxXmH9qG/XkW7Dh1goYI9fp+2mbIY2atYHQJmGTWRphwljnj1LrUkheuA+SitG3Eg+jk6oVRHIHSYYJYqb3i2kI2jCqvWffDxOFUvHeJ3gdWwgPt+2Q+6Hni6M7IuagKEJ5xw4l2Ev3bRgmcLBsabTo3kvErUY9O1tlQvlgg86BRmjj3pQ2rvyVEqkuCc9LKjpgPezPN43LpP7oSgVxQefvrxChXI+mqSnf2NBEQltsxaPElbJYPOVjPVwKih2uOIpVDpMsvRX+uQnJUg439rgEk7/f8gIfEUNpS7DfT2D9Q2tSl9aavyUpXELyOjbr6jOs8iAYoc63d3b7EpCvfk9KEaxIRW2JruMgCQqrqjp5Ol5xWMIJBaBQ2dP+cPTqi+vihxjBkrKFnEnEKY88C/y7JhxD5RGV95o3eD2SviALdfVKa6FHLI+eSqGTrY1a5C03vErsfI6LddZg7rWyn3l13UVcUHwskP/RItXgmkKnukeT60UJfxbfrA6bMV5l3WE2PrBbLnkIHz8kfRr6TFmNWymW4flZUpKmNAnimU3ZH74H7Ahy7Hz9B6Y7bJdXCHVeChIQTZSkmIMxSAHwB8B0k795YGJKgSX7xDdm6sBATAmFu51PoKuz40+yQ0jTd1Va4xfzlDvk0tFyQ99H1mkO50Un6G6x5HkJVN1YwTa10kMdCoBQPHY9JCIHff4ptIn6vyf/jwY0j79U0apjnCNgx0z1BWWFXUpuJif4NbIZixKZYdnwuKMWNoPb8OJUjmVfwye1o7D5CdhrK1nYefkJ2GsrWdh5n/uTP5iqtLL5CdhrK1nYefkJ2GsrWdh5WBMJj6UbWOugrANXJJNNGfkJ2GsrWdh5+QnYaytZ2Hm+F7gQHYfmSKCsA1ckk00Z+QnYaytZ2Hn5CdhrK1nYeegvmaZxiQixoKwDVySTTRn5CdhrK1nYefkJ2GsrWdh5CKlqFSi+Men5CdhrK1nYeUQf5itWv/nTg4xZ1WmRJQ/5CdhrK1nYeY1go/4zGCxRvx7bWpgE5hCOXB9l8Or63FZ9M7LOo7RHokF7Sw72CJISPN8OU3HC27jyBzKHCwSiH+PiaFx+KpfUkv6OL63ZWlXIPjS/Epd3dTrM8TVHicjaWAl9hXS/LrPRfb70oeQkY9OzKK58G9zlUFyIS2FT79ctM8O93QbqaU2cDQzV+SUzgHLx4lriQijU5XwRyxZjUIY5tTNtUYlj07Mornwb3NuEGD/9PfORjDVSrsRvrS9j07Mornwb3MPD7iRrZ080RHIg12xlPfbYDw0Xk6VjcmBNeEkAssRZjWCj/jMYLFE5UBk0FWA9yLlSFNr9lBOGOVvREq5JJXWg94ips01Sr41go/4zGCxRX3L231VHCsJj07Mornwb3GFAVCp+MjY8EjzfDlNxwttA397Mippkj3B6uw1WZnqfY9OzKK58G9wujGP490+KXLlSFNr9lBOGNQcevGxB39ImpidRVnrLCo1go/4zGCxR2CjF6ch5gKC5UhTa/ZQThhncZOUcs0iEtGlVkHpXrYKD9n3q/boyLIWvnJX+5TIqu0I3nzOMYudnasTyrtngb4JUSy3793448cjREQoZ6GBTT/lzi6l2BlNP+XOLqXYGU0/5c4updgZTT/lzi6l2BiJmW3KtIrLO3TIkB0C1SFlbI83lVRGhJLTqfhkwTCq0rJZfjPmaQC8dYvONTp08W2TM93N/Hdl5a8wtX+yuMzOIuO1GVhcfk31JmBo4G0qpqbosDLSYzRsOj1Cy9A43Ey9oNeIsFbqZU0/5c4updgZTT/lzi6l2BlNP+XOLqXYGU0/5c4updgbQUT6WchyfIZEmqhvyJbnrGt9bQS2oQQQf/3UYHIaQMg6Xpjw2EzryibIHtk+0leHAjvBFzUHNsz6zJEifzYkIAU/O/EpAeq6kbyNy8M6Vuf6yyLeYOcR3+WrsFJrRiA26+CjA3aSD6pAVX7igHRyeNmIPMFFuGvhJCU7AQDoMLuwsF1THAtQSuip7qqoT2klRXc/hJ8jFhbYMXI8dlk41jAb7Hr0v1mO2Cpyz5CDzPNrCuvQqCoefZx8eorBj0hiwcU9RAjTz0mLDsm/zCxMvLCfuAtQCaABKNbQobffAZAcwBfPckSaRuVIU2v2UE4Zqf5phQX9LxGc0zz4XOFPYozrIIgTWs5P3TkkzLjRO4GzXN1IZxUG9buMB6wJ+JFkRVT9hh1wK06feXHxbNXLSbNc3UhnFQb2RNwkZs+reoeM1d+so/regp95cfFs1ctJs1zdSGcVBvetL1WIuaJBewQPUKOwz9yBXtP6lphrEJvzlaHIdqvM+xllUMTEDf8LFrPgWXxwZ7wsmnYdf8OvceOEOhhY9U4wdPZV7t5cgH2zXN1IZxUG960vVYi5okF7BA9Qo7DP3IIgY2rHHTP+VBOFna8tntC8HIGg42fgkM+wxIhDrTtCv0yFlGpKypo+SyLqjsDUcmqKRsUZseyswxFHQ94j9AhKy7yIKMFVC/2zXN1IZxUG960vVYi5okF7BA9Qo7DP3IGegAU9LMwKU6wFFyarI51IHIGg42fgkM+wxIhDrTtCvEUyOAPRG4AlY2SNB2gn/yxhPIDLdUt1l/dfUIyIaH9JSMVaS9tuuUSW8jAOfA9s7HMQ7TjfHcMNNUMeAhhq6IUJDZSGiz7As+DfCGrvw0QolvIwDnwPbOxzEO043x3DDTVDHgIYauiFFkJUuhUbSWWewG9mP19E0/OVoch2q8z7GWVQxMQN/wsWs+BZfHBnvS9gEwiOnHCNAGvPN+L0OMvzlaHIdqvM+xllUMTEDf8JvTtVE3QuYpfJdm6LNDafvczAGajUeHtCxkFSjoPAnYvzlaHIdqvM+xllUMTEDf8LVKvwGX9PBhzInGM3ZWcKETdj3S/yTe2vBODDmRgMNFhIyhzDAIRmTEabnq8f0UrNGmcHh6WhxA5Oz0wL0w2rXxrS2VlXvkZonTPWn6u6cUjZW4ZxQE7x9eGJSfsx8xT3xsDcSv4aWYR9PTAzvwgxVYRn4V7MiPRxcBgt4edPx6S1sr8HqmHfYnBgLDCZuepA7aqz7XzqxUNAO7PT6rCVI7hRZBkWBzKrR0qjk0a5UqkFP7zIXlwNPmFcqhdXpn7RsIGTSVOu1yTNAJpW/iP5b6WoKxrXCbA/6vHbICwmcPy93qccWPt0wghSACBX6JKsf1PlvNs8Rm+3mPG3OxDAxFDIrnbGbK8SXwZz5LJXsa0W46qQCLwGzX+DnfZA0/Gf4JhqS6V3VPMeCW+9cReLo+UkuY1DibZtXo8QQV6qOR3hiUn7MfMU9YWAm+NJiN57aw/awYMCzcZNQ6IwHyXvDnTbStl9p0wJ9SZgaOBtKqam6LAy0mM0b0NcbhLGpHN3rPbWzPH7QNf/9EgA9Clm2ELwRxTNJ6tb9126TsE+FJDJmhWIbIGkPEslFrz96IOIcBz0I07oHnj3I3Qg6fexnfe/oy9sBmdOQFV+4oB0cnqLxKkGaZXMxy1vqwgSzic14CfaHc/6tzuaIjvQcFeCwS/CfbwP3u/DuC9cAYBT+i855FNMIpVDdVa0sU4I2qgk2l6jIbBbHEM4WuI/WkWX1Yvnbz42v9Px03RjA+nhtxm/hRsSHLwR3Nc+7POp0C56NtA678c6FDv120NOlJkUm9oZmSjHGIXtMu1Ilbehm5lcUZ1KGH7paXuKD3aSTP1l/Zj4rWQXkbvkXJHGxd9NRTWQTI15RE2ra9056BcOXA4i47UZWFx+T5OfjI6QfbIImdf/jKJLG0jOKLaXrDebevgZRKhU4a25CipfR2Xs+/bI2tlwSX/CNBjeCCn11xMtEFHQQcxcBvXEcS33dMIN8iLjtRlYXH5NvTtVE3QuYpXAo+ld5bUloXs5kG2o151mYQW3+3HNkjrAtnKSWzThkeGJSfsx8xT3fcnO/CaCltjaXqMhsFscQkW016mY0k1Vsenp0C48F92ZEgMXle24XJRjtrdoxht1TT/lzi6l2BlNP+XOLqXYGU0/5c4updgZTT/lzi6l2BiVBFLmzL4zhIEigEyxruITtOmFyyHN70puJBgMZ9mXYGyIV670beHNXt93SPWcvi+D/0sgX+8n3hrANZfGYT8hLMXiM/5vtTvBm1rpAaDShGmNEfUc7mF2+tyfnBYAfBG32pil8Uc39Q0yhCe/NN2OdNtK2X2nTAjOKLaXrDebeCJbF54jxdFMkglUb1n3gxvjzIC3i71kXqsiQUCTaO6/AjvBFzUHNsz6zJEifzYkIBlttxmAHv9ujs0Wt68580YAwW+LzMumj5DA0BqrVZm7Q8Tw+wgLoPjWx5ps6SPsI5CmTzSC54KPJgGKr7KzomjNAJpW/iP5b6WoKxrXCbA/6vHbICwmcP111v6UhXcrrbHp6dAuPBfdmRIDF5XtuFxN8m/DhX/TpY38B+HFYPqyvZI3JsEmM3GwDzihCIFf2u3hcdnhgpcDT3zbICU0FzEo7irSTgkauznkU0wilUN33w4geenudcZrzNzS4yZI0KP1PMgXpJ4j3w4geenudcfw6riVs5ppI/OqYbevkmd7qfTBQ67kZv2n66kIlCzY5dn7j7aoA8fK++XKsPxnz4ZnzNGANIiWj2Qy7xLd6MMXBSbcfPevG8kdwv1/dugaJJJ+v+FCjhA8lrffrgOVK/nPVH19gXXKu1FDXSmFU6aqCXjNAw0V68sQBsVk//fLfEwli8XStjCaheWbAjcL8tcWs+BZfHBnvHij0o3U6ieGvnalHSSra9oE9As+J8sYipPfyO1fuFUB1U1zfuoPJdE3OalDQBD5l7ik3z4+i33k1XHogSgJEPsSWh0+9muczhHzLPfKs3muAWnK+tlNt/8EKM0Ll6ZA2wa4fwR4EzCHWwohExB/S0fo8PwcE7mcodpvBbswsipPyxlcdH4PpsWh4gNS4Uskm4V+uVc/PTpS1aqdn5I5ALGh0DgHjM+LL8cJmnPRE1N7sEhKFhHIgyOlhFQSAE4FwX+r1pLWxpDbNWnedcS9jOsJr46Z/yfe2wdXzDk6Rl3kkh9PQ+fnIIBtXiMGcicdeC7RF2IAo1AsTA6hlqxP06vDzYxQ6ZEKS+dpqGUcAvbJiXM9Xc9QxArVqp2fkjkAsaHQOAeMz4stdz8cW1JydAuwSEoWEciDI6WEVBIATgXBebLNCEtdfMM1ad51xL2M6wmvjpn/J97bB1fMOTpGXeUYjKklv3yygG1eIwZyJx14LtEXYgCjUCyt9vQ9KSD7P8PNjFDpkQpL52moZRwC9spffMv7Clmvs5KCmZKkpulPCa+Omf8n3tsHV8w5OkZd5UIf8w0R6mE/Q9JMEEcVP3Gh0DgHjM+LL8cJmnPRE1N5uyGpVkhyS0xtXiMGcicdeC7RF2IAo1AvpoxzQ01BV0yDOkkUMOIuF6WEVBIATgXB2KUv9RsM8pp5F9qZ1/+9L8PNjFDpkQpL52moZRwC9soqCV0QUJkqT5KCmZKkpulPCa+Omf8n3tsHV8w5OkZd5FaVyhaeb3OLQ9JMEEcVP3Gh0DgHjM+LL8cJmnPRE1N7752kzWZuGvhtXiMGcicdeC7RF2IAo1As/PodOoj1gUyDOkkUMOIuF6WEVBIATgXB2KUv9RsM8pkui/4HjAyaQ6tXdJrGlTbkoj2OS5Bf52X5uu3BA5rN+wdXzDk6Rl3mSov+TYW/4w1U/U9dKCdr1gjnZjzo003lVP1PXSgna9YI52Y86NNN5VT9T10oJ2vWCOdmPOjTTeVU/U9dKCdr1gjnZjzo003kSa7plh/dZxO464cdOClNJkwius5+nLpF3Z69M8kZX1tAOqZiFlvCcOxxXXeWLrcAlSSvR6cR4MQLr7qGD9GBeZOUtaaq8Q0EI0i7XcKPMxqFl4SIzxBXLxCfkHbMnE6UjTyK84rw07xUP9HItaPT+ih8Q51EBNckQBPQ+KTh7suvRPH8rbbLFCnqV6BTJ+YM01XHyNZvxEvwhUgCsT4d0+H/mRe5/CG+LLkZeE/JuKA2YU1VDoIB9R2K5rfo3+9wVlHKotJ6x24+wB0UhS7rBYo8WxWO4YODlfpWJ9az5G1MsSsA+7bLV1eRMqpnDm6aE9Wq7KM82RpusMniXjspB3koreejAOL8FzkQQ+sbCfTTppT/pPANI9z8D/W2xT6O8S4l+Qv7XVOExSIQpHa7TL2Xmrf9or88iCd33L8yQ1OnIybImF0o2kovKeqrbJILi0MYVCPcKaglqhsK3Epk0kbdLaljwfecilSAoze1nyKYW+/3tR1Uo33HH/5iFbhNybtVxJVow/OBdkTwY9xOPpecjDyKD0SAYfmcxUqe0Y1KN0/7AB3QeCNIu13CjzMaKmGs2HOfOOp7Sy9+a21M1eWRj7oeXiB28/i7v7gi/WPyCPdeqZeTTaWqDr2vqIfZ+bcMdyaBk7MNW1rVUutTIys1J1g+26zT21nNoKw/VHmj+SZf366Y71NGlo0nNUB3cUDfL2caGpBV4W7Md6vxUPHev2n20eguJslp1O9WLeEVp6nva2pukMQZT1GL4CUI8nfzG//DquKoYjXFyQKSHx5ZzMebknYsTPFnYWD8Wt4CZOPfBz18lllDxfqaXrYZBP6Z21lfLWArVAaZquCRiY5/PPK/65CZzj06XksTWeK4PNdB0R1DeH+ICIi5pEZIMVMRXUj6GlWfvLHXQtGzHlVQe2i2Pklti+gEBNqEIrt++Bb528aAY/XFqsihFwtbhcgkHSP9vbvNvHf1DVrHztGmb+6+iASo+rN4X2J793fdQ5dCCSf5w7GIg21ZmygEGbjmRfoliRq8XILA805m8Z7Ab2Y/X0TTBtvG/pN8eIUJGuhSQ3FQ5amOTCqb//WEX9bkItj/VIUNuIZYRCnuo+Li/Qu0W4sDhl4LPHWunSnznCl0SiymOrJkoUhz18ENBbgXf72IW4zYs7Hm8t4EnXwOFBBWwAW+dQtbI8DOyhmL4mSbOd7tTx/WOYtcYM1LG7s4hZIlBMzw7lO90lzFbeGJSfsx8xT3fcnO/CaCltjaXqMhsFscQMtNb+RR99nE2l6jIbBbHELKRO+2RbYvCrpS61XkrpD44By6dc24imxQnaXPLfGw/liGx40o7dKz3FHz3glL6rTJvfTv9EupdEuRthVe2TL16kCXOBJSnmUWZyYQu09KzMSFpcJKjX9ha6MNf5UPXXqmDEZc7cIwG7cL3fEFhBSEkk4FsqfIapWFoHqNWF30+uZ6/guF6gCbQDuz0+qwlSBkM2TANqpr0VfMSIoz069CBPC6tPNXzs7j6VR+aVOAbFlIPJt+tBK2CF5Mp/atWtEQf5itWv/nTnXjSm8YpTvP3GnpuBhjJy5GRyrcmEfnAlHZJ+OMjLuoiOPhPOpRppIx4ZNdEZ6cXiLjtRlYXH5OJ6byoNlX6jK/T8I02uZMxBOFna8tntC8rJyhR/Kdc8LAh8BnM3Q8wlAorCdJKJ5mZwjD4UejYrF9NI1WCMqEnwuV7uRLOYBYsFzlwZdichtWrzUOXKsM9PtiZDCHI8fsgLuvad7R/hGbQ+jO3kXfjqi1QfgdfhFwS1yibErej+JJsNvU5++XinFvBQLqoTWdIyH3Sy5iM8vxd/RtqmlHFZDauOWFnq3VgnQngbDx3TIsiEGXdU3Ag2+qwNPit8y0IpVu89hqhRsEji7Ebf1axmERUNFC6eVd4YlJ+zHzFPfGwNxK/hpZhch4SJnAyiH94UepfX4DMGR7QTMWLirGFkVMP7H9wkz2MzcSaXTsE8VmKsQrDRg35uE7R0cXGrNZZH5ow26qm4NelP8iJ2XVHJ+MKEx90VRXCOcxFYm6N1115wR9BMfZIIZRd1M7vI8nAZKFRzqIyXmNbKJKZ6pLP4+TSJEw7mW+Rkcq3JhH5wJR2SfjjIy7qIjj4TzqUaaR9dAK+UVPXMGo3kXU0zYRIMFV87EQSlkRnrhBqGYlcN4Fw1vyiCsTmUI9qiwlsOmKRkcq3JhH5wJR2SfjjIy7qDYkX53VrexsM8e1mU1Dcl96fR1DigF6fiGPvA68/NmxixfNHWaTnO3hiUn7MfMU98bA3Er+GlmF3D4iymWsfx2N5csJ0u9xDKzFa+a8yl//+3Lh4Ghl7jXH25BFbDCUlYyVgrr4ua3S+pHjpfaFZCfkJ2GsrWdh5nVc0FZvC1Gws2JaN/sgUJONUG4i0TMiSIQoGDdQG3JJfh9f9X1HvLtuFLREpcPqZJ4l69LSngeFQCGpobx98ZACa0t0xLsZckzXhmllSNEBmqVsdvzSTHlUmEUpMkbbbPKqiQcofZiKGVHispKyMaNNF+Q+Kp2q/RB/mK1a/+dNl8c3BGMk8v0zOJpZoxNJ7+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5PaKVYsrU3YHqOYPeo4aJXjZhAvNqPHkzeokCaBfrMtTZm3m+rEVZ2eW8TdchiuJsatUgzJQgf3sVtKJyZk5w8XapfHCBEIFXYb01Pk8SeBzek0ZPwi56u0NRD++RGl9AZMrAjR2N8/g19W3TWXO0WK1CZovuUuf1bNZ38EDj7uXs386vTYZEQhbNN3AyBmU55IYZGYhxgAfe5T/nr0IY6Eti/pkpKNirlLtEGUuXNnz3wE5v1m0tH5rlXUKrmJyZ7N/Or02GREJghwqOHUR7mDAdkvOuWsOogHky1ANfeeQzGlP3mWGW8LsYv0lI2IWCfMVj+AAq60TffQQh/Jt3/sAH9igzjTuzjFmexJ017u5Ah4ElNDbISQ867hIQc3GMQlnZs+kxWdd90c2XfLP4Tr51NKbdS3sU9+1DY1sbRuoC5eYy3WzAw1J1qPOS0mZb4z6eEJGmlqxumgG4fNlv7BOoUB44SMmplIZpvbXNZMcLezUjKD9tf3NrZQadJjSRO2aYepwh9VH6RHs9JcDrJWv8FKdqIw1Q+lhb8Aoj99xaDGtU4jR63w6ngRm9AQbtgFjhrVznQodPxXHZrk/Q2BekdhXzCG6lXIX/PPpL3ytiR21SpcJtK3HhkeCkDI7QnnCG5qgslf6nBavZxBQFeXswl0txvJJjAqOnpO60+RuMRqRn1N2letBigm5XXGcV86lyIEYkp2UUnBb59liyMBGKpCqJ1dX7aXYBbqwQOK8QNrRW6hdj60n3uOup1x6DSrLC0Sqz/yax3y4UGdG3ZtHeural5CmXuLiF6XgwTdVObEgCeTywCS7Vn9LWAsScpYDCcir/S1cRDCPGGCuA4UJZ2bPpMVnX5Fh3VFlz19diGVEKvdN2NbCteqosx5UDR4uIWNqxFGgR3GcEpbO+UlpqzDy5tAyM5pzoR3Cfjlpi1r8vyFUII1Q3/vGQCl3P9p15yXTy9+hYsH4ILM68yGNRamY+ELlUB/5jjA8k4eWwV6kLDW4i4uG1yg1tuWQJ1RMlz6C/oAWJ0nySWkg33p6jNE01pPsGId57FouvOAU7Zph6nCH1URFCjaH8tzqL9hnFknYuBSW6/xFeBs3Vu256YgB1jIx7K24Cg+LnVkHPoe8HwsIQO1uAJW6Esa+rGxmGryKiL4ILTGGB4Xi8pig5hi7tLBF7Zagy39+Vg/cqKS29ux13Ngvt/domSIqqq9SreghSImG9WUl6yCIYu/yIoQQGnUasrq2WO4UlMrAeuiZ1SXg7ucmoHiJxulPeVTr7KiGfEUDT1kCMZI8nXHbPzBiRLJ3xLn7LeT6HydPCxHFBGKf8LXzV9x2zSA9EKvN8ZD+Kolm87OOzK/7zmlUnw+taX8G17nL6ibKI75aKsRo8BWBOhYtYQPAN6JxiBDWam/DmQ29SwGERbdoOg3XfvAkOW8oj4/vBCVbTsa/W2yaXAEAfIzhNsWuB3IaX6g901H9nPHKPSywXUFgt4XfffSLOezqrxzxjUxuxFpHFG3rbiSefmwOeJzlRGk2fDaPoHjR/ZT/DcX0J//mv4UNZ27nftNdoHLfteV29G1UQ5+60Z7An686cocwKd3ATNGb9exMPGi0LeFvC8nKaV6zCD0SC4GP3V1Ld15aQFnwdoG7VW1bQATsynl29dXKzY1FqZj4QuVSVdZoSoIkvAS8HqlBK+cWYDXUhW+l0ePWNPO0k6iX5AZAQIDvlrICBn6lvzVeZmkOmL+3h2EPjQ4qfVibwhPYu/viXzcuY6C+jcsmq7n6VrLi1cu/vIbW1/gbBsUO+BiWlY602L6el+Mu7MDdLFqo73FBJEHV3GS1CzVKALGxSIxeO6H0vLetriG3e7qhBGrxJ5qF3XuuwnY1Ah7sx+VePUASQhhPhWNJjqjl7ZwPdqOdHIsTbVdBBdJ1eGgNdrFkKR7T7YyD/rHw0QiTUsIhRz+5S0/JpW4o3lgzPZNVhK9UuSnB0RA1zy3k+cqjGrlGpApY0x8fgcPpGqoRLbZGzMkl8kE6dZ/dwwgi30TqC5N67i3JvrK4HTsBziuqJ/cJ2lkGOl8Eno8nc/le73Ae0sUz5cjroJntdeB50pGj/Y1/5wLMidPa+fdN/3Ewwm+doR2TqcUDfiEFaySjeNOs8mX6gkEOR/SDJ3P5Xu9wHtNaqRV1GjFqLZSAq2wjppon5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2HnAUNOAuQhq3JPk3p0wPTwqxufmNtvMmccpWu2kfMxZbPkJ2GsrWdh5fA/010zix2z5CdhrK1nYeZ140pvGKU7zjmVfwye1o7AHG5ZxIBIQUfQqgoLME37SvjIeQCdsuHCfjYEPf7pQgz7BzOgftrc4nDL2WQUSBU4XCWtdpPSG5f2l7o4UNpcpldO4gVtLuL6UxPkjiqkwhKJU7LmqGrFStYUt7Npv0wy7UKcQXang9NxLG/cVo203kjugaC6teH2t/dmZRW4YDuzzagAIP4J36+8l9WYp9nGguEvU7cxo+U1RVkaSZ3dvqQvhI7duJn/zkx40hzhoP8yYOXdRabtDeYYJfbzCObFWL30Inr6xk1Oz2Pt0Rb4seVQgZZKoWzG/NoRwW1+3ogJ9NNODgPgfVQcVSlxQWDoLioh7eSb+S4pHJDgz89ue+D1s9X+b1CsGFZKtARwqITzn4RTqKgAg110gOafs/I03UBmg33E7YVB4LWLpPv4Swm36fyJ2tXmpqTBfJoI20HD+Y+uDprdYrqeIpOeuP9hEAwlcMSBZFx5e8FH+oTQJyzS7uCgbIEm41tTSZ4ehMuLOsrB75wINmfy2WoY5VMHQMem13OwvX5Ey21i1dXLZIJLE0GjbH9emlu7H6xBUlpJbOl5cz8CIrOjwZL5QXV6CbZ1tLSvOxHQ3MILawEUi41VCbRt4AL+Yhsq9kesrwKBqtUdIbMcMi4EqV5IRnx9V9rrEmxkvHOHKI7xD8daB4WVzTRZx17DMAPvDSMbqEB4FbFc8aBJC6HX++5GPgeFxG4p+qZS2Z4leUvZpzBtDn56r7FF6yaqnXPHOpP5Wg9Ol3CSYzvFRizubPpsIxF9zHCgu/B8B0IrAjE241c+Uo5G0my2qMA30808Oj9LxOJUCQOxGPJ7qABoqnWJZgIet7/OCmI8oJuK/At/GGZBQCfGpCSxIJCFEROTBIPAQ42HZCsWlY8TvwSVOlo4XmRUT7x1vBZ42SbJ5vY3bGw9+XUdx8L+bk5nT7FsQzNfQUXD1HsqKGhJwzCfVnXipMhzFW6bJ3OJq3rbEmaF8SoaGCyJoLOJ0UBc1+icaydgdL3bNYJFZHZSAIm5D/A4x6dnhlm2al95f388IAsZugIjiLn2pcVC+aDHcIHCW5qjuFL3MI61ru8aSOZwFHkUK9dUZfcqht8+ILPHUaVSE1W7ImfoDXZfoEkS7bdmWnTcIxPumCi24Klv0X30ARTT+me5vt6jbGUQ+yHjbdCjeuKhInwUT+xzVYXxyBppH4fMLEn2NyhS51fQBMiG2fR7ec77U992KFZNgDjgOz2tH2ACVY8RnZIpfTWBSKyz15c3ldqppIOuBxuuxNQoQQwxyqfWxYbsrWeBZ2r9U2o/WC6yhZxB5sSSRXEj7O/yv3kWEJrZB81DJbTnGG4eGw7n/z3Vz31oLITDC1O7YzyX7bpEKTU9ui9WcilQkXioCyNhYeIZ2fCvzmNU3a/Qui1OwZuVOuPJfPz+jYxKXayb70wvkgXXbqS0XSWrw+k6Eptga0JQ1NRKsIpCgKJnc3QR1yNc1jASub4YWN2BDq9y9bzSMIHAxde1iguL1yDWXDRDkL5MfgY6XGltKugeuh7j5eHuJ/TizkArgadqeyIrC/FBngLWxatHKaXazorKxVdVBRl39AEQxZu3sZFch73Yajh3L7zrQerZI4AmLn9BsX3CUbc7P+fBFKfWbjPvbgG1T3UdZ8hAtQiihugd/69RLqNcysqgoAtbJxjd2k88TkcF1X9DM8mUFMIAl3F/7ciLv2n1RH22pIRIkwuK2OuVewss36Bfomt0Nr5y0OkURxkxVtzLbr6NZVSL1ZIhh8D3NDPkYEQD0m6Gp/JK2OQMvrdpGojar3CvjDjO/J4sR/lDxEKe9RMH6hpoZ5v9HVHIsBAaDzF0HEOrMNuDgOfbkvKDCnTUw+nK9eaCSW63XuC5ACiS0vK6RIl3Hr5z0anZLoGrc67gfDvnnlpqb/29guO4wPv8Qcs3Bi7Rb9gpgoqJFoQfxJVY25+prIjXmhmrTwYyYKiyOKIopN4mLhR1fWs3vUPfchsX4ZAfP8IIoey6/UdTsNfXSeQj6ECiFM7pFhPSE38byb6fNld4K6UfS/PG3O+GRUx4MbTsjR8ZWcSdElduasGtsGZ/0cECHCwJKIvdHxpsqvs7Nidl0iNTS4x3wm6ZFpztygMnlNKGR6/OvNqNZac2xnfu2fzm/gonWmpqi8dkx6Dtf7ZeEv39mKzBkrbyfFM9aqcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbdmwsydQp5Kc87jILY2COIfBNjWsPNKlAW7hgsWXLMRyYMbDEWwQ53C+E5XgJdRhquj6PowkgVylnmVPaqP14hoZTnuwo2PMHS0fq2N/6navojbfo8WOfgOFqeEhprWjKOB9zGs2CGnlMT8R76DZN5dKUollIXTtjEFcjbeklD0ffWw0PWVr3t1+oSUvMXPrSB4TBiF7S+e8OaiQaVEoHQYfTXDi0MU6nGBXYzFh9Vukb8e17Kb7qLurAIiQzyUlDg8GU54B5+XbJE6Ve32QyUICyyJ3IUHD0rT1FVe13dJOLsaPFV/qpUrzcUR0OImhWtaIh4QczX5jWQpohrPWlreWAjr5QfpnW5KJNRAxrqyVkoVFPTSBNWl2nCthSCtjgCnrDHQf086vXIGom5g8zNi95dU1xbeF91UN4da+TmF6cFDyUcXj/8yJ7oNHK8M8FxUEOB90ZDbJT/WpbK/W1DMotiMGaPXyHjE/Ee+g2TeXqAm6iUCV/N971/hpX1JLvLouXFNlW5BSrcexFlQr7byMncbwxPHjKO7cSsMlwGx7GizH3M9qJiNoJEuU+6X4SeKg1437jZq/7Xqv9Jnn9uhmeKOtU0h25t/GIbQazKKv4MeH9Ket5a/vDQC+ikLbHf1ZhFJDQgpUxwB+v/2G9W9OkXYz5kv2oto+vPutlTiRdlYyFztRX7Aze7Qzqwx/r6Dme0wlsDNQwWQIb+rpF0ncpl0H1nto9aKRLms2PJC414m2d/Md+0bQ3di2vqm6SsxJryH5PkaxGjSm9OEcFBrNdM7fMl5dTJEdUqSiN2W6zLE5BgZ/EpIiz1puMReyqxGJorlVcYNfWnHrB2FPt8rfntA53byvtu3ik77clWDx4vtMoLuB+vdhl09BbLf2J0LX+l8JeDg5BKkhlW4MuhnlBps1FHEHwe5FgupQJuUphb9gW+XDJ20zogbadi2S8cnW6OOLCnmj7vwPw65nfEMTmix02tceuSZhVBp3/wvJopXU5u+9efOK4BcJPi0fysrQPInPEr6pHj8Nl28iZLsCUWbkKjUgz7e6f9wSl1eOYlAEXfHNxOZ0sqJbUsVMSygNfsDzjONDQBJGQO/b2Mcrt1Yy0sLQndCi7XP9DirY8+LPqpybVEWVzOlLConZDArL13RKudysaFnHqHwjn/7fDy98ZP52XtSV2xtoQoJHplfxIsc/efLCzIhrMa9tyd4uRwv9Cjc0rQaEi4YUtbieY+MO5nKte+FIrlsR9o2ZvWD9f3LnrTg3hpEwV/RSfeBSwWVJUX2lKNL6qFJi4dX3TDfa4F9xml7nAG+yz6QTNY7scRVvToj5aalVF1wSd5sETd9TNXJxgGsyGAeoixytaw9kXkffQvjxF9irW0i45gHjqb2Ft17L7LyPCsMeTI8Q9G6dN6d+ri0RsnvFS+wt94iyFwHFX0OdkdATr4BpAQ9+XXeFe27YrXgguvbG4VtSBxKDPNaqSRYtb/4GCFqU4Osrz43K6n9GOM4deU1Yew25VY/eFVo7nzW7GQnXuplX/1NswBRG4hPzuwSAdj8pqOf+uBGYj9hvU7UQfxkSjUwXAa9HNg+5g390ZLumkWoOYCnEnhIQAPJZNoM9aBCg92cgKochFY5TBBykP15KAssidyFBw9JXBfO5W9FrwNTYnjsnnzkJUsND5MMdYYOvp56DDre+/Nefg1ouAeTTlgI6+UH6Z1skEi9xRkn1dYUACda0W/bIJJhiuzUe1vZ5PdUS2lLEiQjvNh1r4GdbEFw+KU6Oll/XyEs8GbSjjFkKR9rSTjplW8vx3UHpntZvyLmVilhZqKLl3EnDQaRX12q6jxn6lp6uolJRsJX46EiQt85ouyOQtNzHOsZ1Dzsf7OC13EIh3cfvOLn/K5MkWT7QA06CAQEmWpI0FyqWzS9K4FobWV5f/+nY2cicY4y6AH4OwmR5YGNYzRt2YWtfslfKqIip/3NC59Nh2bZFyGEMbDSghT1I6ue1PLXCsMPB7j1GMxbxJSZdEC5nmkwvQ2g4T7EIQ2zoBRkT0q5Z18ypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbTVGlakKLplL+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2HnbOs+3pgmi1/WY9wr19JxeuPs+dRWKFhj5CdhrK1nYea1iGGlA30v9+QnYaytZ2HlEH+YrVr/505140pvGKU7zyr+ylXkQZ0qm70ndhgikSjT6I4v6x97gnlMyuVJPJWO/KeOVr4fCpo9iQvsZbdtn2fP8VKtb+yXSwEgY/8X421dkRMuexe9B235tyJxP6jR/weTpfTiuFB+tP9Cfo9AEPC9j9fVSuQEDTcW7QbckM0kKjs9csmOa4WEP5TxLT4+ADjDN5G6pP950qSMhf4qm3uFAEAxZZqb2ryPo4Jy1sakBTNYTq+t+DUo7hflOu34qeNlGY7O4NR0EbNIIP/XkE1/fS0t7Nmzu0e3NUC2Ym14+lpBKzbeO+y6gnoyXs/x8OR67TFytilJgKJuElS/jM7LwxpASaj4/hRcDq4L0dIYDQBfpKicnwydUOuOMvQRhU3wns7LXW/dX6NcNqScVTGrnoCeuiohzkJs9pAv+2UoVmTOtyWBzpkNO/9MNn9NGJLBXIvBWVC3rf8MZ2lDC0QLF925V9HJ5iuF1W5L2uC/XulpfO8kgpUJwiC9hIsPRvVnL4R8eS+120hzJvN2+9rT2ZGWwnJklKxVEE97AkuZg/6boxIIc0tiGjyym4JRICaEWtRHgwE1d8k62Xm9YXWVxyHI9j8/BDnzMZXT9GV2ZQqkAcf6nWdAGd9/wOkxa81/FtsVv2BVqHsLXYs4G6F5/pz53uveFxbwGQBh/6VwfDI3umBOJYGmaawF6d0VL2vLIAhqAaQBQMaIL/clYXTCXee8c4ApinrnBRB3e7F1VYl2j/sqNV2+DUfBtLRRJyZQKHOOMJEX0aAhcG2Ddv/rRqsYf5w/HXqBqCDsmTMigkxA9wA5OsEJinYGYkiOfOFZi7Libg77hlafz4vDx7b6w4oLv/Ohq9dvzD88dEyBADCufSHyvYh/yoTb4PYIwUU3v4HArMc8cTs/EaN5A6uunHnqDvQkutX5DIYMlDLd5g+div4aNZlNMJgSKpoi+GPrUr4bdx0YvAFdlbHFf8Y7Y9VgwMcU+54RPIOsdesACbUnG7K/+cxAgJhOIq1j++tk0oUYsdLY+sVO5kafdGwURFL5ksPhq/Qv7IveGGB4sRYlXgvyECimj1Lb7/roNo3M0ZdEVsqc9bFUtPJ7VHoWG04o53k1Q61QCPUkHQXDtvch7tvyryL96wIF1w1b2kmGSif8s5wWH2lXVEn593S7LAHmCnG7wzx40znpUz5neE3QTcFK8ftAfMc4yxTQZwtc3aqKqaeKbeX3dorpFkrTuS1mKDW7Dq/2+PbAtt7kWcaexAwUc1jR8wzCe2BUkv1D5diRQopmG7gcrB4uL7hemDURCYxgbvd1KC0R9y5HCSoTdSmoFNiirRmxE/kNNYykGPPMsgKABpO1NpPmmZnhZ82nBv3s1/IP8JIZ5FIT2IA0giLf+ujshjnSxOtLWJI+I62sY0x8bWcaU1JPEQrXI9PtY1+6kM6hYJiZ4BhLZsJ2ycKsL0fxzXejfKfKwNqfZtqzwO66yyPOFQ/4ymXIsxkAe18oEpwkx0tljuq6YkLWHIr+ofmMeXVfxfQeiLG2nNCyxsKibc10ta8hpLXLPlxuYEGpvMnd9J64skfeNVJiT1n37QEiKE0R+D1mEx2lilfBuWM6S/RgkkB2fy43qz/q0/4EzTZ6Cbz0HeIytbYEVGctxA8PF2C6Qlz6uphZ1cV+2GsaASNC5sp8T3lWiBSZjqvnR7aIiD5v0lWONe3QrArOfWW4CDBJFy2ZlxH66HOC6gr1p7xIvTs3vNRiWz0qaV+umH9xO9nt2iQYmeRx7oqd8ZsospiGgn2CZJfGnqCvZ2hao1IxDo5igzC/XEuIeeujimb5C2sqpNahNDorrrCCW3vk/Zb1eD+Rq0efxhpgX3cd+AJF4O4YHc/2lbiDzj+f/XG8iHtDc3geOTdmGflJGyytWVuKrWckBnqSIltMEadKX1GE+xjuVl8ukIJaxJCQvix7OSTM/RI4PYQnZAMAXWSQD1lntv9F6wnOLh1tgbmJvQW4o2CG3Rzu7cqAiXZlz88UxqbDsXVo9qViTCZAHtgRUVelTo9hbMK0MxOWvR1a9Uid+V1Tc4cAvzJwXhl6B6l37/Vo4x08z/i7tliWf5RdHWN3254EtJnlbNhzeth+p5IN7haIhIqy4lZJGze6uPBwT+u19aVkHrTaLcY5FcqKLwniIA17ouJ63+DKGbyCxWggWMDDzKzb3zilzqdnMqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbUZvbqmPzBJ7WNo88eC9vw0ajivxA+z5EAWfNRPh3Amt/TfcIiHAy+znAonTXBT9JOcCidNcFP0kyj89axay+oO9v4QEJjx5eVMUOWbEy00w8G/SuQcm/4Q7gP5tdvvSaHlhwjqos3Ef2VMn9qtw22xTc2vmVHwU27H4iG/SCkYCI+rld1i3vYDTjHVspBGIjXvnWy4StKDpgixuvWUW96QS4Yt51B1QfH1qb4e1TLDg13yasH432Xez3P5G+hhFZgnNhHSorgV7kOeU9avfTXsLVJmrFi9m0iJXa+3ZnMFiICgcOidv0uNBqHX3TqqgAD2x/tBwjDJLLpdv2oTaHyInS0w4CrXhSYqe0Es0XW5vmpBCeRHuGRYL59E9np+SbvZ4lke2zbZLjDufTz5oeAm9ARa6YAsQbwTkQVdkklPbGJnFYUqi3tewWjoKitEUZ1ZNA+Ny3UA7pAvvQoTPQkYBot2AgsENeRBc8mfUasig6P54OTt247oemytLmtAeqLmY8yYjmeXWqXuqebRHvPk2n597Q5WOVOuzlTWPEioJYcHm2bu/0QJcH8O0b3oSAFeT4h3FsVvAwECxaDsBke9wh6gPesgSXVMUOWbEy00wO4b9//mjBsQsB4uAYcmmuEYTqH/Y7jDIZxBWUyZMZVu8tcyclwo9mPvQeH5gOO7BUmIfjgx/ykdiEr3ggBv6MJbUQftYGm/9nTfzZqDc8iW/PmG3bzMYEHC0Tyra04XgHkjMAtKnDHWRd6MEpA8EkWLsS5+ZFep8vwkFMi3EDw+C8iG1X1NnTBP0ZrShNgbULAzaV8mt6QtFgJsAl/gaTuBTU+rRyi0/b777sT0aYHMz1cYRl+a5YdfnU7WyE+HAOYVterJmMzyfWBBjGv5kYS6xmUx1kTjunfm6uE7z0WC9ARa6YAsQbwTkQVdkklPbGJnFYUqi3tfnHGIUqi13GZH1diRo4mzE2Pb/mctua4PwevwT2BAkKpzwm9JlPjzYSVPczfhJ7JkemytLmtAeqOWGLjk33PIwVQzSolvDX3p3JhXU6ca+wMAXLAEjw6oeyfRSExhupOuji3Nrys5vzl9aCPmi+iVSH/2TnFdrPj2jh6lC0D2II8ypkXjY2Ipt1THg1gCOwu8rwAlYe2970APHjq9apC9rU8yoxZKXx2DfNCS9nhfZ/25KKH27rSRvQVDrNHuSHMO7CKn8tAK4Py6k9IynImOYGqYa6oruXKb+n+LPo4VaS4o/+pagfjsvOQuG7Zz79xb3dviV62F9tjE4h3JL+009RNw4wlhmMqi+SIOeybtWriiTobeu9HUuzKmReNjYim343zAFskyrcleawVLS5JG9B4dKMhgmKaSLzGI1Z/S6DdFRR32Wd/qDhj86wvkl7UmGCneF6hmGbf1NA7QQDH+WRdqHfFm0qp7+TqNi6vO6m02Q51gWqX5TuXlXPpzK1w2516zNajI/6KyhUeKuqlgfcFKRfsmB8xDXD980x9LITWqXpQUyLYiusHyVEf+jkDrMqZF42NiKbYN6NrydA/34B0hC5Auvk0t8yZHyB3MXzxbiu4h4dQmrIeXpMpNUP+TugBVKPPp66ZooJmhU05lGMZyUlsm9RnaaH71bcxf52MypkXjY2IptNL4jwYThEwcea1o76OawTDyjitnvCahmaTbUIyykEGGsVV3rpz0DU+Kohpv5MnEmPMCKOYOokPmN/gI+/u2aoOiwYBFJcCeQzKmReNjYim0qfbxyL7U3QfB2meHsmkN222iLrOXpRaETnmBztnqUsultT1o7tvzzNqdSAkl6rES42r70oN7J/rBrk1FmzfN6zKmReNjYim3MqZF42NiKbdE0EnVdaimmF85gEYyAwIcr5OMnUEMiBMbaxZuOzwOUVY14HIIrxfUs5GLJKoMOjZy+rlDOY2FcuWinV+sPSyPeYBv3zmwaAnvuAyxRNdu3Zz4FupFE2JIDvVP6zayGeAssibloLDRkDS66Gl6cGZ7cUptNoApkOnU1BuMe+qIobTjmaBzcBonzgS32Je3UeoaZa+VkyQEwqXuqebRHvPlozt1FaiqE5JbrvFeo7i6ol7gF06WilJNrZoM4spAzgnLAeuTx80f5t1XAYfLdatpjh0ghfhCWd8ypkXjY2IptHDBqI54WmxRAlDARD1waDy1TMslACDCVk/aGuL3XzKJyoJpPx4rHtKcmCiFySn4OZH6YaGiaDonx20+ZVZRnrixjTiSOswhb/iqSqSjBbU5eqfrRljUa2VBloQQ+SZb4AlQcUPLDYtbN7YipXOg62LiazgHaNid8V8hP9Rm/YwsQBlSmbuHtyt49gkPfrkIg9jpmclNlG468BA68GNSlCdYI9oV5kfRlwY5RhqBQJnZ6gg9e04Tnt6Hh/31800DzESjRFnmSe/OtOIGq9rcfsWYk3AwrfRf2kM1DzcfQh729ARa6YAsQb4ShwqaybWGaCjGCabwI3HxZAaQzX6xqybfUxihUE5RNGe8fB4b5PI0RQYs+LktmyinzxZWmQFpVJz+gqSQmEu9uFwdOb8fx+LmY8yYjmeXWVNddA2NvMKEz4YxtRKruyj9SdEc2V7inaHhJKSNnl2md933jZ4TOzrVI7LjPo5Li2NyifiCkGwGEUg/+TvKsZMypkXjY2IptkbCo6pCpzAgiB3/jM9kV2BwgqNQOow8ybFMYORCAr1XNqQlqUTx7dhoPKcIzBnhF3AoleZP0de78HfaocYdviap42dTs6uoC02PZ2Y/050mPivx6+zAPUn+ft2C/YeI6Y/B+xQUUs7SQpvXrsK94f3jqSqTJHAATH2W4yDc1ewWnmNqirM52XJGmY6101omYM6aIVOFRlkEqRi+pm7b1EAiE/nNooqOK17tWZ7U5Lp+I0to0zV5CQrRAS2vA8AtO3Rco1eRDEvPz7C1Nz++b1gJV0DhLgmeZzCqkJJTB+kjaFJit7nt2fylpctWHeXssmfmgB0bDRCI3x22tOJs31szyOtnQBVN0vlEVb00maGhcRBHbcB7Xxynz2I7kxUhi1/XGTcxs979NksakuLd50jBdRYv3bZl+UxQ5ZsTLTTD+cV3M7YVIfEB71Mwawi40aOcdqxyfGhkDXheTQhB8IdjzpA+enO6nrZzXdYxIaX74JH5a/+Ym3sypkXjY2IptuiiApt1Eiqkr96TMSqWOWouwoRgzBfwLAwyR9lccNkpysBhPq7G5jK/Oizokde8Vrs49xirmeeYr96TMSqWOWpx3eqFo1Y4ogixuvWUW96RHqTUfdEK5OuOB1UuHgSjrkKMRQqAVwNgwGQYhQu+vCQTar2Mps33iF1eUyMNCwB3BC8YuJHQYGOT4TsnT8AyVjz3nGfiAlcRjtdRC+LhtcwMlIPY2hRk1QDwNUifIz4sZLuo/weNYPgbprRwIR7CD3PpdcoYdABuFmJHH90kfdgMlIPY2hRk1vrQlKSv6Uie9ARa6YAsQb+SgbfVWVjgwJravYnamJd7GiyzYd4x34Oazq6Rfi2THeLONHlJJqMginS/UaLJMBhEODQwOPTug0QiwItWfrf/VTE19ufzchLmY8yYjmeXWm37SolAFEV5xvrfqgfuFmL+LhQewYKiirUN2IrlyHqOT2jM2fXoSrERoTkfjl3JibhAPjAaS9lNi37IRvQ5DpWPwfsUFFLO0O4b9//mjBsQsB4uAYcmmuBKsKjrAvV9aOk30+3qCylKiG9Woj9dUSg0OvNI8386OUpjQCPOhIXa5xwI2tuZKSd0zQi8q3htBnTfzZqDc8iW/PmG3bzMYEHC0Tyra04XgdXuCVbf5MtAhUd1ccsWVhBBpAnELTCSdi8y7PTH2hv9vkJa0ipAXGyktXoi7j+U7A1cehHs3tLtFgJsAl/gaTuBTU+rRyi0/b777sT0aYHNaz8P8Pt2Ok9XWNHHQMX7fP9IVokjG0/vfiVpVNY5pLIDIoJ82pLKX7+vKuQEqKJu9ARa6YAsQbzyOIHeYFALCz8nc2xy0azGmDfpBRhPTsGO5dS17AWQyxxjG7Apxoq45CAtmuMOJ9+4ZdAFY0XPuFiD1t5i9KjLVTE19ufzchLmY8yYjmeXWvWMwZ5TUC+peokCkgWarX/06QL8DPCJo0azmirTrstNGrd+jGQ5x9cXL4wh0/l5Tsbef8RY5KrIziB9NIJ9dYWPwfsUFFLO0nwVQgwErP+prpI1N/ToZHwkXV7CjbdxDjcG3eI9Dr9EXLccnJlXIE27VJ77qOSqsuqKJ5YNt20AAb87pWl6EEwuQCzEWEUmSx/PeWCyOrnyWb5RuahV7RjMQtgzyoWgudZA5kS01s7TMqZF42NiKbVmmetgkTz59OFnSsjJ4T6aJb+Oe6PmL4QJ2SSiS4DveMg4C/zlr2zpD9P7i0IFelVrT/3k5B7O3rbWFx046kDFZelIBdJgnRbGwD6tAm9QRlaPma32HcRG5Vg7LMGd8jVrT/3k5B7O36bB6rDIDNPbMqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbcypkXjY2IptzKmReNjYim3MqZF42NiKbWfgNjHhqT0r+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn3STillIxTz3UyzS2bY6mJo0XJaVwCNXuwzIVWc0NaiHNdMb8LU7UnGqjzn1rkl4j5CdhrK1nYefkJ2GsrWdh5wsKrWsUg22L5CdhrK1nYefkJ2GsrWdh5k2GO+LjxJ403xr+YwauKPFPCu1gbDZpQ6K5ymTMIxYx7zhiPKvnR5iOCADrHmEXKfjSpEG/LXNTXAwSMqn3g0f1SAM9EDG9Rin0g+eLj8v+sDDcbpYTsE6SfQiFojzu3Mysy2rY2L+jBwN3i82z00Sis8pi7ozIP9xi7GrzR1iAhQ15vuzDFCfMsvHXW5a2lCdumLmVPswVNEVBjYgEGeBRRKzEjEy45tGmb+6+iASo+rN4X2J793TKwxtC/uCmAmcgdg8qfsoH/RnZmY3WaevkJ2GsrWdh5q05fXYni/epvZ2cExcperfkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYedtSYtvPjUlo/0Z2ZmN1mnr5CdhrK1nYeYyZQBxgW9SQNH/oKhBPuUQRJ+tNS5hK6q3q6p47/N/JWpGjJ9OG1+ZV5LnOvToEibKZX1KzYJrbZXZOeqY4oZn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5RB/mK1a/+dOXSRvpwRanQJED3vQB5/Gu+QnYaytZ2Hn5CdhrK1nYeXGi/30jUaijteArk5RlPqSbe2kFLZFuHfkJ2GsrWdh5+QnYaytZ2HmOZV/DJ7WjsO2ktNYLQFIFmkgc51VMrukxAS1AiAHmM/kJ2GsrWdh5r/J6PJHt3SkbHsJ9qznfo5l+/nafIjkwL1nwBjdMf66hiAd5hRS0RiO239sXDTZjiVHw0aoGmJ2pl/Mcj84mTkucnNrA8gA40EQU3oSmg0qdeNKbxilO8/kJ2GsrWdh5CGP1FAC9kClQmRJiu4SsnPTARCtHFLc36EnIYBIMSD75CdhrK1nYefkJ2GsrWdh5GK52QCGjGkxEH+YrVr/50/HvFNS/eUSy6SYgaJnjpPShmxJnC+rKuzM0pL6E0dmbj/XZv1JzKW6bZzaEF9gzszYYN8jgexqyPzaZP841U6Iz+Md+LUdUTIZqosa2GWrADkfn8tyEI3X5CdhrK1nYeZuinuzbcRP88PWp8m9bFEq0tj5OPZ2ULR5GPhg3STVhn+IwnW2l/qbwtRVETfG9cEuX7fQNWPzgC4o7bjpdREwedjeing9Z6scPIsvHcdJkSCk+GfdbIaB4LQyrni7DpQveH7At33ALEgFmxEmSNDM7Zr7idbUatXabwW7MLIqTqXIHvKlSzRj5CdhrK1nYeX/o0dSiPTfsk4GcXmyY/S9iWh15Y/KKyky/4nqMJ6QNMWx5XoqqMQjIL/P2K1p9zfkJ2GsrWdh5pU6tcR9mlZItejzGZCrZ1wmN9qI7ATeZNn7mTGylWB3O+UPtIGX9e7CnEPSy3TZS9kS8Lr5EhD1gnQngbDx3TP39m/43FGuvepuW23dK1iVZG1s+6DCFT7dcGW+KaAoTvSIQwZasRjFYuWrYgVvJIyihbZaVagSDatiEoa2Tb4adezZoUJGx04cWlivu9GIJsoQvGLq+SzEBy3wPglAqsMHV8w5OkZd5iHoM+DumgDPPovTKl/30IHKm7L9xLbUBYwk+LXxsXvPWLole/kvlaKP20ptKMoU/TXQfwO/JH7Qzb0W9hD8gjmJO8LU8S2sD6PYpGHGCr5m4B8ZUlqD8ZU/io47CRoRppVem3Bs4q6hH8f+ikFAaXP6Q6Jmv+esFLCSzXHdGdtP8lqWIlRVhBOrYe7oqQ+PSVeS5zr06BIlAxHSgABlelLmA6XO1HRjmaTyUKNQQk8FPzIe8wbzv+nKH6FZAPnvPOt2cd3i7uRQ4GqUwNQ0KmoyhXiyihjM6cofoVkA+e8863Zx3eLu5FDgapTA1DQqa407KbKHkCoKGr6BCJh9MywHop8o0SFd9ipRfOS3edf+C8lHCFoWAYGNwauyqP0kL6fu5HTimkiWhAjnsTQgvm8Sd/S7DdUDukl3fjOcxX+BMrg5O5NOfBfkJ2GsrWdh59izKofEp8T7tCJh/pwbtLDrdnHd4u7kUOsHdhCdv1A5VJNRtOLwoiXXunsFr4O3lkO5hXh98W47o9ikYcYKvmbgHxlSWoPxlT+KjjsJGhGmlV6bcGzirqEfx/6KQUBpc/pDoma/56wUsJLNcd0Z20/yWpYiVFWEE6th7uipD49JV5LnOvToEiYbCgckW4jVos2dTmswn6a6146kJjR+Khf8UELS8LSmkU+MmnnwFM8GhmYPpW955fahnz7ASfYfMlqeFs/SP0mvOjdh0F5fu0xqgl3kAtit3NylV2FV3jbTZHywShjzMgXTcwVlI+vykOteGYuj5nIfQjlm/Mtm8PP6Q6Jmv+esFMHPi567moyN1Hic/goMCpjZB+R6pDSPhBGu4lsbNqNQbk8zXTnjUlQgAaCZ1UMxSz6L0ypf99CCMfAm9E9/UaM3OpxqPpx5pFzqfz10TABC06agRqk2lzaa7D1v+tYw/HmBOrE3bbxS0MxTfpIEMEfPOR5ghW9cVDkfn8tyEI3XLaUBdMuSxkH4upZe4vDwcz6L0ypf99CD5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hk0G52L5IMo+4kB5mpClDnKOLscgCcULXT5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYefkJ2GsrWdh5+QnYaytZ2Hn5CdhrK1nYec4yJ7S2HCnP
System.Security.Cryptography
z.Tf
jaccesswalker.Properties.Resources.resources
11.0.3.0
16.0.0.0
16.0.0.0
11.0.3.0
11.0.3.0
11.0.3.0
mysecurityKey
LeXegclScZD.exe
LeXegclScZD.exe
LeXegclScZD.exe
get_Space
set_Space
Timer_Tick
&oc%E
jaccesswalker.Properties.Resources
^,%ni$
3nKT%o
3System.Resources.Tools.StronglyTypedResourceBuilder
DelegateEntries
player
System.Windows.Forms
mscoree.dll
$5ea6ef74-f34a-4555-a046-f4e4cd40a631
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
get_ResourceManager
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ahSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADPT
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
ShellObj
shellObj
DebuggerBrowsableState
DebuggableAttribute
DebuggingModes
ED49
CollisionShell
AnimationDetonationShell
HeighShell
WidtchShell
OnKeyDown
ComputeHash
Hn5[F^
TextToDecrypt
OnPaint
OnKeyUp
PaddingMode
Sleep
HashAlgorithm
CipherMode
CreateDecryptor
ICryptoTransform
shell
Random
random
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
set_StartPosition
DebuggerBrowsableAttribute
DebuggerNonUserCodeAttribute
MD5CryptoServiceProvider
Ddcw[QcU6FeOF2
OF23n3=,
_CorExeMain
get_Right
set_Right
get_Height
get_UTF8
Nullable`1
Dictionary`2
set_AutoScaleMode
get_Current
set_Left
get_Left
get_Enter
set_Enter
KeyValuePair`2
get_Transparent
get_Level_1
0eH?znLf
get_Bottom
&kWweO8)
set_ClientSize
set_Parent
get_Parent
get_MenuControl
O(P_MAc]
}WT"QT"EN
get_Culture
set_Culture
add_Tick
get_Value
get_Count
get_Image
get_White
set_Location

Foremost
Matches
0.exe, 306 KB, 217.png, 195 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: mscoree.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2560
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 48.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 318582
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: mscoree.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-04-13 18:23:55
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 109

pushpopmath
.text: 69

ss register
.text: 2

garbagebytes
.text: 38

hookdetection
.text: 4

software breakpoint
.text: 2

fakeconditionaljumps
.text: 6

programcontrolflowchange
.text: 32

cpuinstructionsresultscomparison
.text: 6

AVclass
high
1
VirusTotal
md5
06a4600d2cf671ae25307856c7ebc6c3
sha1
8f9dfe69fd80fa80a26604b98b788cc51adc6806
SCANS (DETECTION RATE = 62.86%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200415
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=89)
update: 20200416
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200416
version: 6.12
detected: True check_circle

Bkav
update: 20200416
version: 1.3.0.9899
detected: False cancel

K7GW
result: Riskware ( 0040eff71 )
update: 20200416
version: 11.103.33815
detected: True check_circle

ALYac
result: Trojan.GenericKD.33662729
update: 20200416
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:PWSX-gen [Trj]
update: 20200415
version: 18.4.3895.0
detected: True check_circle

Avira
update: 20200416
version: 8.3.3.8
detected: False cancel

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/MSIL_Agent.BGD.gen!Eldorado
update: 20200416
version: 6.2.2.2
detected: True check_circle

DrWeb
result: Trojan.Siggen9.38185
update: 20200416
version: 7.0.46.3050
detected: True check_circle

GData
result: Trojan.GenericKD.33662729
update: 20200416
version: A:25.25422B:26.18394
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20200416
version: 4.6.4.2
detected: True check_circle

VBA32
result: TScope.Trojan.MSIL
update: 20200416
version: 4.3.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200416
version: 83024
detected: True check_circle

Zoner
update: 20200415
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200416
version: 0.102.2.0
detected: False cancel

Comodo
update: 20200416
version: 32332
detected: False cancel

F-Prot
result: W32/MSIL_Agent.BGD.gen!Eldorado
update: 20200416
version: 4.7.1.166
detected: True check_circle

McAfee
result: RDN/Generic PWS.y
update: 20200416
version: 6.0.6.653
detected: True check_circle

Rising
update: 20200415
version: 25.0.0.24
detected: False cancel

Sophos
result: Troj/Fareit-KHP
update: 20200416
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.AvsArher.bSK66A
update: 20200415
version: 5.5.2.24
detected: True check_circle

Zillya
update: 20200416
version: 2.0.0.4070
detected: False cancel

Acronis
update: 20200416
version: 1.1.1.75
detected: False cancel

Alibaba
result: Trojan:Win32/starter.ali1000139
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D201A709
update: 20200416
version: 1.0.0.870
detected: True check_circle

Cylance
result: Unsafe
update: 20200416
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20200226
version: 3.0.17
detected: True check_circle

Sangfor
result: Malware
update: 20200412
version: 1.0
detected: True check_circle

TACHYON
update: 20200416
version: 2020-04-16.03
detected: False cancel

Tencent
update: 20200416
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200416
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200416
version: 1.0.0.403
detected: False cancel

eGambit
update: 20200416
detected: False cancel

Ad-Aware
result: Trojan.GenericKD.33662729
update: 20200416
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.MSIL.Agensla.i!c
update: 20200416
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.33662729 (B)
update: 20200416
version: 2018.12.0.1641
detected: True check_circle

F-Secure
update: 20200416
version: 12.0.86.52
detected: False cancel

Fortinet
result: Malicious_Behavior.SB
update: 20200416
version: 6.2.142.0
detected: True check_circle

Invincea
update: 20200407
version: 6.3.6.26157
detected: False cancel

Jiangmin
update: 20200416
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200416
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200416
version: 1.0
detected: True check_circle

Symantec
result: Trojan Horse
update: 20200416
version: 1.11.0.0
detected: True check_circle

Trapmine
result: malicious.high.ml.score
update: 20200123
version: 3.2.22.914
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Injector.C4060013
update: 20200416
version: 3.17.4.26996
detected: True check_circle

Antiy-AVL
update: 20200416
version: 3.0.0.1
detected: False cancel

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200416
version: 15.0.1.13
detected: True check_circle

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200416
version: 1.0.0.1
detected: True check_circle

Microsoft
result: Trojan:Win32/Malagent!MSR
update: 20200416
version: 1.1.16900.4
detected: True check_circle

Qihoo-360
result: Generic/Trojan.PSW.374
update: 20200416
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200416
version: 1.0
detected: True check_circle

Cybereason
result: malicious.9fd80f
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Kryptik.VLE
update: 20200416
version: 21174
detected: True check_circle

TrendMicro
result: TROJ_GEN.R022C0DDF20
update: 20200416
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.GenericKD.33662729
update: 20200416
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_90% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
update: 20200407
version: 11.102.33708
detected: False cancel

SentinelOne
update: 20200406
version: 2.1.0.89
detected: False cancel

Avast-Mobile
update: 20200415
version: 200415-00
detected: False cancel

Malwarebytes
result: Spyware.AgentTesla
update: 20200416
version: 3.6.4.335
detected: True check_circle

CAT-QuickHeal
update: 20200416
version: 14.00
detected: False cancel

NANO-Antivirus
update: 20200416
version: 1.0.134.25032
detected: False cancel

BitDefenderTheta
result: Gen:NN.ZemsilF.34106.tm0@aiwbkMp
update: 20200408
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.33662729
update: 20200416
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200415
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.fc
update: 20200415
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R022C0DDF20
update: 20200416
version: 10.0.0.1040
detected: True check_circle

total
70
sha256
cfc7ac63065aa877873bcb233adb467a76494e35256575a9f964fff6c71b411c
scan_id
cfc7ac63065aa877873bcb233adb467a76494e35256575a9f964fff6c71b411c-1587046295
resource
06a4600d2cf671ae25307856c7ebc6c3
positives
44
scan_date
2020-04-16 14:11:35
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
8/6/2020 - 15:45:44.668Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
8/6/2020 - 15:45:44.715Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:44.715Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:44.715Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:44.715Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:44.715Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:44.715Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:44.715Open1480C:\malware.exeC:\malware.exe.config
8/6/2020 - 15:45:44.715Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
8/6/2020 - 15:45:44.731Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:45:44.731Unknown1480C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:45:44.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
8/6/2020 - 15:45:44.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
8/6/2020 - 15:45:44.793Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
8/6/2020 - 15:45:45.28Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
8/6/2020 - 15:45:45.168Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.168Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
8/6/2020 - 15:45:45.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:46.997Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:47.43Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:47.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:45:47.793Unknown1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\
8/6/2020 - 15:45:47.793Unknown1480C:\malware.exeC:\
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\Monitor
8/6/2020 - 15:45:47.793Unknown1480C:\malware.exeC:\Monitor
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:45:47.793Unknown1480C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:45:47.793Unknown1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:45:47.793Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:45:47.840Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:45:47.840Open1480C:\malware.exeC:\malware.config
8/6/2020 - 15:45:47.840Open1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:45:47.840Unknown1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:45:47.840Open1480C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:45:47.840Unknown1480C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:47.840Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
8/6/2020 - 15:45:47.840Open1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:45:47.872Unknown1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:45:47.872Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
8/6/2020 - 15:45:47.872Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
8/6/2020 - 15:45:47.872Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\malware.exe.Local
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:45:47.887Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
8/6/2020 - 15:45:47.887Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
8/6/2020 - 15:45:47.887Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.887Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:47.903Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
8/6/2020 - 15:45:47.965Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:47.965Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
8/6/2020 - 15:45:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:48.434Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.575Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.575Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:48.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:50.184Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:50.418Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:50.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:51.168Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:51.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.450Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
8/6/2020 - 15:45:51.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
8/6/2020 - 15:45:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:51.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:51.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:51.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:51.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:51.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:51.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:51.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:51.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:52.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:52.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:52.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:52.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:52.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:52.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:52.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:52.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:52.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:53.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:53.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:53.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:53.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:53.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:53.887Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
8/6/2020 - 15:45:53.934Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
8/6/2020 - 15:45:53.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
8/6/2020 - 15:45:54.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
8/6/2020 - 15:45:54.75Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
8/6/2020 - 15:45:54.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
8/6/2020 - 15:45:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:54.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:54.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.481Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:54.481Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
8/6/2020 - 15:45:54.481Open1480C:\malware.exeC:\bcrypt.dll
8/6/2020 - 15:45:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
8/6/2020 - 15:45:54.481Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
8/6/2020 - 15:45:54.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\CRYPTSP.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
8/6/2020 - 15:45:54.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:54.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:55.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
8/6/2020 - 15:45:56.75Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
8/6/2020 - 15:45:56.262Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
8/6/2020 - 15:45:56.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.497Open1480C:\malware.exeC:\malware.config
8/6/2020 - 15:45:56.497Open1480C:\malware.exeC:\pt-BR\LeXegclScZD.resources.dll
8/6/2020 - 15:45:56.497Open1480C:\malware.exeC:\pt-BR\LeXegclScZD.resources\LeXegclScZD.resources.dll
8/6/2020 - 15:45:56.497Open1480C:\malware.exeC:\pt-BR\LeXegclScZD.resources.exe
8/6/2020 - 15:45:56.497Open1480C:\malware.exeC:\pt-BR\LeXegclScZD.resources\LeXegclScZD.resources.exe
8/6/2020 - 15:45:56.543Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
8/6/2020 - 15:45:56.543Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\malware.exe.Local
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:45:56.731Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:45:56.731Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:45:56.731Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\pt\LeXegclScZD.resources.dll
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\pt\LeXegclScZD.resources\LeXegclScZD.resources.dll
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\pt\LeXegclScZD.resources.exe
8/6/2020 - 15:45:56.731Open1480C:\malware.exeC:\pt\LeXegclScZD.resources\LeXegclScZD.resources.exe
8/6/2020 - 15:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\malware.exe.Local
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
8/6/2020 - 15:45:56.747Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
8/6/2020 - 15:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\WindowsCodecs.dll
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
8/6/2020 - 15:45:56.747Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
8/6/2020 - 15:45:56.747Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
8/6/2020 - 15:45:56.747Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
8/6/2020 - 15:45:56.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:45:56.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:56.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:57.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:58.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:58.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:58.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:58.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:58.575Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
8/6/2020 - 15:45:58.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:58.668Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/6/2020 - 15:45:58.668Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/6/2020 - 15:45:58.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/6/2020 - 15:45:58.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/6/2020 - 15:45:58.903Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:58.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/6/2020 - 15:45:58.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:58.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:58.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:59.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:59.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:59.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/6/2020 - 15:45:59.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
8/6/2020 - 15:45:59.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/6/2020 - 15:45:59.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/6/2020 - 15:45:59.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:59.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
8/6/2020 - 15:45:59.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:59.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:59.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:59.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:45:59.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:59.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:59.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:59.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:59.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:59.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:59.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:45:59.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:59.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:59.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:59.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:59.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:59.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:59.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:59.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:45:59.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.497Open1480C:\malware.exeC:\ntdll.dll
8/6/2020 - 15:46:0.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.543Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
8/6/2020 - 15:46:0.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:0.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:0.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:0.590Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
8/6/2020 - 15:46:0.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:0.590Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
8/6/2020 - 15:46:0.684Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
8/6/2020 - 15:46:0.684Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
8/6/2020 - 15:46:0.731Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:0.731Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
8/6/2020 - 15:46:0.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:0.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:0.825Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:0.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:0.918Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:0.965Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.12Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.59Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.106Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
8/6/2020 - 15:46:1.106Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
8/6/2020 - 15:46:1.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.153Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.247Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
8/6/2020 - 15:46:1.293Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
8/6/2020 - 15:46:1.293Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.293Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.exe
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\pt\ReZer0V2.resources.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\pt\ReZer0V2.resources.exe
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.exe
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\lkkEqDQvsEcXHsiKOFOKeRZUWxiLA.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\lkkEqDQvsEcXHsiKOFOKeRZUWxiLA\lkkEqDQvsEcXHsiKOFOKeRZUWxiLA.dll
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\lkkEqDQvsEcXHsiKOFOKeRZUWxiLA.exe
8/6/2020 - 15:46:1.293Open1480C:\malware.exeC:\lkkEqDQvsEcXHsiKOFOKeRZUWxiLA\lkkEqDQvsEcXHsiKOFOKeRZUWxiLA.exe
8/6/2020 - 15:46:1.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:1.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:1.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:1.575Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.622Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
8/6/2020 - 15:46:1.622Open1480C:\malware.exeC:\VERSION.dll
8/6/2020 - 15:46:1.622Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
8/6/2020 - 15:46:1.622Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
8/6/2020 - 15:46:1.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
8/6/2020 - 15:46:1.622Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.622Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.668Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
8/6/2020 - 15:46:1.668Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.668Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.715Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:1.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:1.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:1.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:1.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:1.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:2.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:2.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:2.700Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
8/6/2020 - 15:46:2.747Open1480C:\malware.exeC:\shfolder.dll
8/6/2020 - 15:46:2.747Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
8/6/2020 - 15:46:2.747Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
8/6/2020 - 15:46:2.981Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exe
8/6/2020 - 15:46:2.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.590Open1480C:\malware.exeC:\ntmarta.dll
8/6/2020 - 15:46:3.590Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
8/6/2020 - 15:46:3.590Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
8/6/2020 - 15:46:3.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exe
8/6/2020 - 15:46:3.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exe
8/6/2020 - 15:46:3.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:3.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.825Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
8/6/2020 - 15:46:3.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.918Open1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:3.918Unknown1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:3.918Open1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:3.918Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Read1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:3.918Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Read1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:3.918Read1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:3.918Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Read1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:3.918Read1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:3.918Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:3.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exe
8/6/2020 - 15:46:3.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.965Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:3.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:4.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:4.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:4.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:4.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exe
8/6/2020 - 15:46:4.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:4.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:4.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\PFVIBdjlBF.exePFVIBdjlBF.exe
8/6/2020 - 15:46:4.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:4.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:4.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:4.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:4.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:4.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:4.481Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:4.481Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:4.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:4.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:4.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Monitor
8/6/2020 - 15:46:4.622Unknown1480C:\malware.exeC:\Monitor
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\PROPSYS.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\malware.exe.Local
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:4.622Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
8/6/2020 - 15:46:4.622Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\apphelp.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.622Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\
8/6/2020 - 15:46:4.622Unknown1480C:\malware.exeC:\
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:4.622Unknown1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.622Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.622Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.622Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.684Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.684Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.684Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.684Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.684Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.684Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.700Unknown1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
8/6/2020 - 15:46:4.700Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
8/6/2020 - 15:46:4.700Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\malware.exe.Local
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:4.700Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Monitor\schtasks.exe
8/6/2020 - 15:46:4.700Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:4.762Open1480C:\malware.exeC:\
8/6/2020 - 15:46:4.762Unknown1480C:\malware.exeC:\
8/6/2020 - 15:46:4.762Open1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:4.762Unknown1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:4.762Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.762Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
8/6/2020 - 15:46:4.825Read1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Windows\System32\propsys.dll
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:4.825Open1480C:\malware.exeC:\Windows\System32\propsys.dll
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Secur32.dll
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:4.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\
8/6/2020 - 15:46:4.918Unknown1480C:\malware.exeC:\
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:4.918Unknown1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.918Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.918Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:4.918Unknown1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:4.918Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
8/6/2020 - 15:46:4.934Open1480C:\malware.exeC:\Monitor
8/6/2020 - 15:46:4.934Unknown1480C:\malware.exeC:\Monitor
8/6/2020 - 15:46:4.934Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:5.122Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\
8/6/2020 - 15:46:5.122Unknown1480C:\malware.exeC:\
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:5.122Unknown1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:5.122Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:5.122Unknown1480C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.122Read1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.122Read1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.122Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
8/6/2020 - 15:46:5.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows
8/6/2020 - 15:46:5.168Unknown1980C:\Windows\SysWOW64\schtasks.exeC:\Windows
8/6/2020 - 15:46:5.168Open1980C:\Windows\SysWOW64\schtasks.exeC:\Monitor
8/6/2020 - 15:46:5.293Open1480C:\malware.exeC:\RpcRtRemote.dll
8/6/2020 - 15:46:5.293Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
8/6/2020 - 15:46:5.293Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
8/6/2020 - 15:46:5.293Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
8/6/2020 - 15:46:5.293Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
8/6/2020 - 15:46:5.543Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:5.543Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:5.543Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
8/6/2020 - 15:46:5.543Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
8/6/2020 - 15:46:5.653Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:5.653Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
8/6/2020 - 15:46:5.668Unknown1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:5.668Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:5.856Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
8/6/2020 - 15:46:5.856Open1980C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
8/6/2020 - 15:46:5.950Open1980C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:5.950Read1980C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:5.950Read1980C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:7.450Unknown1980C:\Windows\SysWOW64\schtasks.exeC:\Windows
8/6/2020 - 15:46:7.450Unknown1980C:\Windows\SysWOW64\schtasks.exeC:\Monitor
8/6/2020 - 15:46:7.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:7.497Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
8/6/2020 - 15:46:7.497Delete1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:7.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:7.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp558F.tmp
8/6/2020 - 15:46:7.497Open1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.497Unknown1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.497Open1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.497Unknown1480C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
8/6/2020 - 15:46:7.543Read2756C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
8/6/2020 - 15:46:7.543Open2756C:\malware.exe\Device\HarddiskVolume2
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Monitor
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Monitor
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Monitor
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\Favorites
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\Favorites
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\Favorites
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Windows\assembly
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Windows\assembly
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Windows\assembly
8/6/2020 - 15:46:7.543Open2756C:\malware.exeC:\Windows\assembly\GAC_32
8/6/2020 - 15:46:7.543Unknown2756C:\malware.exeC:\Windows\assembly\GAC_32
8/6/2020 - 15:46:7.543Read2756C:\malware.exeC:\Windows\assembly\GAC_32
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
8/6/2020 - 15:46:7.543Read1692C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
8/6/2020 - 15:46:7.543Open1692C:\malware.exe\Device\HarddiskVolume2
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Monitor\Malware
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
8/6/2020 - 15:46:7.543Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/6/2020 - 15:46:7.543Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
8/6/2020 - 15:46:7.559Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:7.559Open1692C:\malware.exeC:\Users\Behemot\Favorites
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Users\Behemot\Favorites
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Users\Behemot\Favorites
8/6/2020 - 15:46:7.559Open1692C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
8/6/2020 - 15:46:7.559Open1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.559Open1692C:\malware.exeC:\Windows\assembly
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Windows\assembly
8/6/2020 - 15:46:7.559Unknown1692C:\malware.exeC:\Windows\assembly
8/6/2020 - 15:46:7.559Open1692C:\malware.exeC:\Windows\assembly\GAC_32
8/6/2020 - 15:46:7.606Unknown1692C:\malware.exeC:\Windows\assembly\GAC_32
8/6/2020 - 15:46:7.606Unknown1692C:\malware.exeC:\Windows\assembly\GAC_32
8/6/2020 - 15:46:7.606Open1692C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
8/6/2020 - 15:46:7.606Unknown1692C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
8/6/2020 - 15:46:7.606Unknown1692C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
8/6/2020 - 15:46:7.606Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
8/6/2020 - 15:46:7.606Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
8/6/2020 - 15:46:7.606Read1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
8/6/2020 - 15:46:7.606Unknown2756C:\malware.exeC:\Windows\assembly\GAC_32
8/6/2020 - 15:46:7.606Open2756C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
8/6/2020 - 15:46:7.606Unknown2756C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
8/6/2020 - 15:46:7.606Unknown2756C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
8/6/2020 - 15:46:7.606Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
8/6/2020 - 15:46:7.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\Globalization
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Globalization
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Globalization
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\Microsoft.NET
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Microsoft.NET
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Microsoft.NET
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\Microsoft.NET\Framework
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:7.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:7.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32\apisetschema.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.653Unknown2756C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.653Open2756C:\malware.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:7.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\System32\mctres.dll
8/6/2020 - 15:46:7.668Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1116265
8/6/2020 - 15:46:7.668Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1116265
8/6/2020 - 15:46:7.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1116265
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\System32\mctres.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\SysWOW64\ole32.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\SysWOW64\ole32.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\SysWOW64\profapi.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\SysWOW64\profapi.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ASYNC_USERSYNC[1].JS
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[8].XML
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:7.668Open2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
8/6/2020 - 15:46:7.668Unknown2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:46:7.668Read2756C:\malware.exeC:\Windows\System32\mctres.dll
8/6/2020 - 15:46:7.684Read2756C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
8/6/2020 - 15:46:7.684Read2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
8/6/2020 - 15:46:7.684Read2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:7.684Read2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.684Read2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:7.684Read2756C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:46:7.684Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:46:7.684Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
8/6/2020 - 15:46:7.684Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ASYNC_USERSYNC[1].JS
8/6/2020 - 15:46:7.684Open2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
8/6/2020 - 15:46:7.684Open2756C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
8/6/2020 - 15:46:7.684Open2756C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[8].XML
8/6/2020 - 15:46:7.684Read2756C:\malware.exeC:\Windows\System32\mctres.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\ole32.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\profapi.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:7.684Unknown2756C:\malware.exe\Device\HarddiskVolume2
8/6/2020 - 15:46:7.684Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
8/6/2020 - 15:46:7.684Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
8/6/2020 - 15:46:7.684Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
8/6/2020 - 15:46:7.684Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
8/6/2020 - 15:46:7.684Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
8/6/2020 - 15:46:7.684Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
8/6/2020 - 15:46:7.684Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
8/6/2020 - 15:46:7.684Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
8/6/2020 - 15:46:7.684Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
8/6/2020 - 15:46:7.684Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Globalization
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Globalization
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Globalization
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Microsoft.NET
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Microsoft.NET\Framework
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\apisetschema.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\System32\mctres.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\System32\mctres.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\ole32.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\ole32.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\profapi.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\profapi.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
8/6/2020 - 15:46:7.700Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ASYNC_USERSYNC[1].JS
8/6/2020 - 15:46:7.700Open1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[8].XML
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\ASYNC_USERSYNC[1].JS
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[8].XML
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\malware.exe
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\System32\mctres.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\ole32.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\profapi.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exe\Device\HarddiskVolume2
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\System32\wow64log.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.715Unknown1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\version.DLL
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\SysWOW64\version.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\SysWOW64\version.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\wsock32.dll
8/6/2020 - 15:46:7.715Open1692C:\malware.exeC:\Windows\SysWOW64\wsock32.dll
8/6/2020 - 15:46:7.731Open1692C:\malware.exeC:\Windows\SysWOW64\wsock32.dll
8/6/2020 - 15:46:7.747Open1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.747Open1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.747Open1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.747Open1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.747Open1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.747Open1692C:\malware.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:7.747Unknown1480C:\malware.exeC:\Windows
8/6/2020 - 15:46:7.747Unknown1480C:\malware.exeC:\Monitor
8/6/2020 - 15:46:7.747Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:46:7.747Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
8/6/2020 - 15:46:7.747Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
8/6/2020 - 15:46:7.747Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:7.981Open1692C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
8/6/2020 - 15:46:7.981Open1692C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
8/6/2020 - 15:46:7.981Open1692C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:7.981Open1692C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\netapi32.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\netapi32.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\netapi32.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\netutils.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\netutils.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\netutils.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\srvcli.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\srvcli.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\srvcli.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\wkscli.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\wkscli.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\wkscli.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\SAMCLI.DLL
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\samcli.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\samcli.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\msi.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\msi.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\msi.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\pstorec.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\pstorec.dll
8/6/2020 - 15:46:8.28Open1692C:\malware.exeC:\Windows\SysWOW64\pstorec.dll
8/6/2020 - 15:46:8.215Open1692C:\malware.exeC:\ATL.DLL
8/6/2020 - 15:46:8.215Open1692C:\malware.exeC:\Windows\SysWOW64\atl.dll
8/6/2020 - 15:46:8.215Open1692C:\malware.exeC:\Windows\SysWOW64\atl.dll
8/6/2020 - 15:46:8.543Open1692C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
8/6/2020 - 15:46:8.543Unknown1692C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:46:8.825Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\HWID
8/6/2020 - 15:46:8.825Open1692C:\malware.exeC:\Windows\wcx_ftp.ini
8/6/2020 - 15:46:8.825Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:8.825Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:8.825Open1692C:\malware.exeC:\Users\Behemot\wcx_ftp.ini
8/6/2020 - 15:46:8.825Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:8.840Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GHISLER\wcx_ftp.ini
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData
8/6/2020 - 15:46:8.840Unknown1692C:\malware.exeC:\ProgramData
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\GHISLER\wcx_ftp.ini
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:8.840Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GHISLER\wcx_ftp.ini
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Windows\win.ini
8/6/2020 - 15:46:8.840Read1692C:\malware.exeC:\Windows\win.ini
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Windows\win.ini
8/6/2020 - 15:46:8.840Read1692C:\malware.exeC:\Windows\win.ini
8/6/2020 - 15:46:8.840Unknown1692C:\malware.exeC:\Windows\win.ini
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\Common Files
8/6/2020 - 15:46:8.840Unknown1692C:\malware.exeC:\Program Files (x86)\Common Files
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\Common Files\Ipswitch\WS_FTP\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\Ipswitch
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Ipswitch
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GlobalSCAPE\CuteFTP\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\CuteFTP\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\CuteFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\GlobalSCAPE\CuteFTP\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\GlobalSCAPE\CuteFTP Pro\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\GlobalSCAPE\CuteFTP Lite\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\CuteFTP\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\CuteFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GlobalSCAPE\CuteFTP\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GlobalSCAPE\CuteFTP Pro\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GlobalSCAPE\CuteFTP Lite\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\CuteFTP\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\CuteFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)
8/6/2020 - 15:46:8.840Unknown1692C:\malware.exeC:\Program Files (x86)
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\GlobalSCAPE\CuteFTP\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\CuteFTP\sm.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Program Files (x86)\CuteFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FlashFXP\3\Sites.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FlashFXP\4\Sites.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FlashFXP\3\Quick.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FlashFXP\4\Quick.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FlashFXP\3\History.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FlashFXP\4\History.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FlashFXP\3\Sites.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FlashFXP\4\Sites.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FlashFXP\3\Quick.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FlashFXP\4\Quick.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FlashFXP\3\History.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FlashFXP\4\History.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FlashFXP\3\Sites.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FlashFXP\4\Sites.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FlashFXP\3\Quick.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FlashFXP\4\Quick.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FlashFXP\3\History.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FlashFXP\4\History.dat
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\sitemanager.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\filezilla.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FileZilla\sitemanager.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FileZilla\recentservers.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FileZilla\filezilla.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FileZilla\sitemanager.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FileZilla\recentservers.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FileZilla\filezilla.xml
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\BulletProof Software
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\BulletProof Software
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\BulletProof Software
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\BulletProof Software
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\BulletProof Software
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\BulletProof Software
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\SmartFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\TurboFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\TurboFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\TurboFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\TurboFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\TurboFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\TurboFTP
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTP Explorer
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FTP Explorer
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FTP Explorer
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Frigate3
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\Frigate3
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Frigate3
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\VanDyke\Config\Sessions\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\VanDyke\Config\Sessions\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\VanDyke\Config\Sessions\
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPRush
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\ProgramData\FTPRush
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FTPRush
8/6/2020 - 15:46:8.840Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\BitKinex
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\BitKinex
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\BitKinex
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\ExpanDrive\drives.js
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\ExpanDrive\drives.js
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\ExpanDrive\drives.js
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\GPSoftware\Directory Opus\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\SharedSettings.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\SharedSettings.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\SharedSettings_1_0_5.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\SharedSettings_1_0_5.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\SharedSettings.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\SharedSettings.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\SharedSettings_1_0_5.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\SharedSettings_1_0_5.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\SharedSettings.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\SharedSettings.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\SharedSettings_1_0_5.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\SharedSettings_1_0_5.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\CoffeeCup Software\SharedSettings.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\CoffeeCup Software\SharedSettings.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\CoffeeCup Software\SharedSettings.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\CoffeeCup Software\SharedSettings.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.sqlite
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\LeapWare\LeapFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\LeapWare\LeapFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\LeapWare\LeapFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\LeapWare\LeapFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\LeapWare\LeapFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\LeapWare\LeapFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Windows\32BitFtp.ini
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetDrive
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\NetDrive
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\NetDrive
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:8.856Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData
8/6/2020 - 15:46:8.856Unknown1692C:\malware.exeC:\ProgramData
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:8.856Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\AceBIT
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\AceBIT
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\AceBIT
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\RhinoSoft.com
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\RhinoSoft.com
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\RhinoSoft.com
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\RhinoSoft.com
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\RhinoSoft.com
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\RhinoSoft.com
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\Desktop
8/6/2020 - 15:46:8.856Unknown1692C:\malware.exeC:\Users\Behemot\Desktop
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\Desktop
8/6/2020 - 15:46:8.856Unknown1692C:\malware.exeC:\Users\Behemot\Desktop
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\FTPGetter
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FTPGetter
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Estsoft\ALFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\Estsoft\ALFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Estsoft\ALFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Estsoft\ALFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\ProgramData\Estsoft\ALFTP\
8/6/2020 - 15:46:8.856Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Estsoft\ALFTP\
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
8/6/2020 - 15:46:13.934Unknown1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
8/6/2020 - 15:46:13.934Unknown1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\malware.exe.Local
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:13.934Unknown1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\WindowsShell.Manifest
8/6/2020 - 15:46:13.934Unknown1692C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Secur32.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\SysWOW64\secur32.dll
8/6/2020 - 15:46:13.934Open1692C:\malware.exeC:\Windows\SysWOW64\secur32.dll
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
8/6/2020 - 15:46:13.950Unknown1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\MLANG.dll
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Windows\SysWOW64\mlang.dll
8/6/2020 - 15:46:13.950Open1692C:\malware.exeC:\Windows\SysWOW64\mlang.dll
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
8/6/2020 - 15:46:13.965Unknown1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
8/6/2020 - 15:46:13.965Unknown1692C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\PROPSYS.dll
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Google\Chrome\
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Google\Chrome\
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Google\Chrome\
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Google\Chrome\
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Chromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Chromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Chromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Chromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Chromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Chromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\ChromePlus
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\ChromePlus
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\ChromePlus
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\ChromePlus
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\ChromePlus
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\ChromePlus
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Bromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Bromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Bromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Bromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Bromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Bromium
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Nichrome
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Nichrome
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Nichrome
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Nichrome
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Nichrome
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Nichrome
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Comodo
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Comodo
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Comodo
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Comodo
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\RockMelt
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\RockMelt
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\RockMelt
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\RockMelt
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\RockMelt
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\RockMelt
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Sites
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Visicom Media
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Sites
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Visicom Media
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Sites
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Visicom Media
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Global Downloader
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\Global Downloader
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Global Downloader
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\BlazeFtp
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\BlazeFtp
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\BlazeFtp
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\3D-FTP
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\SiteDesigner
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\NetSarang
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\ProgramData\NetSarang
8/6/2020 - 15:46:13.965Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\NetSarang
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Documents
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\Documents
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Documents
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Documents\Meus vdeos
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Documents\Meus vdeos
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\Documents\Meus vdeos
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Videos
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\Videos
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Documents\Minhas imagens
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Documents\Minhas imagens
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\Documents\Minhas imagens
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Pictures
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\Pictures
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Documents\Minhas msicas
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Documents\Minhas msicas
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\Documents\Minhas msicas
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\Music
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\Music
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\Documents
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
8/6/2020 - 15:46:14.28Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Cyberduck
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\ProgramData\Cyberduck
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Cyberduck
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Cyberduck
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\ProgramData\Cyberduck
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Cyberduck
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Notepad++
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\ProgramData\Notepad++
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Notepad++
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPInfo
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\ProgramData\FTPInfo
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\FTPInfo
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\MapleStudio\ChromePlus\
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\MapleStudio\ChromePlus\
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\ProgramData\MapleStudio\ChromePlus\
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\ProgramData\MapleStudio\ChromePlus\
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Yandex
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Yandex
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Yandex
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Yandex
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\ProgramData\Yandex
8/6/2020 - 15:46:14.28Open1692C:\malware.exeC:\ProgramData\Yandex
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\INSoftware\NovaFTP\
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\ProgramData\INSoftware\NovaFTP\
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\INSoftware\NovaFTP\
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\ProgramData\Pocomail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Pocomail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\BatMail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\ProgramData\BatMail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\BatMail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\BatMail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\ProgramData\BatMail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\BatMail
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\ProgramData\The Bat!
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\The Bat!
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\ProgramData\The Bat!
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\The Bat!
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Windows\SysWOW64\nlaapi.dll
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Windows\SysWOW64\NapiNSP.dll
8/6/2020 - 15:46:14.75Open1692C:\malware.exeC:\Windows\SysWOW64\NapiNSP.dll
8/6/2020 - 15:46:14.403Open1692C:\malware.exeC:\Windows\SysWOW64\pnrpnsp.dll
8/6/2020 - 15:46:14.403Open1692C:\malware.exeC:\Windows\SysWOW64\pnrpnsp.dll
8/6/2020 - 15:46:14.731Open1692C:\malware.exeC:\DNSAPI.dll
8/6/2020 - 15:46:14.731Open1692C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
8/6/2020 - 15:46:14.731Open1692C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
8/6/2020 - 15:46:14.731Open1692C:\malware.exeC:\Windows\SysWOW64\winrnr.dll
8/6/2020 - 15:46:14.731Open1692C:\malware.exeC:\Windows\SysWOW64\winrnr.dll
8/6/2020 - 15:46:14.965Open1692C:\malware.exeC:\IPHLPAPI.DLL
8/6/2020 - 15:46:14.965Open1692C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
8/6/2020 - 15:46:14.965Open1692C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
8/6/2020 - 15:46:14.965Open1692C:\malware.exeC:\WINNSI.DLL
8/6/2020 - 15:46:14.965Open1692C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
8/6/2020 - 15:46:14.965Open1692C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
8/6/2020 - 15:46:17.887Open1692C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
8/6/2020 - 15:46:17.887Open1692C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
8/6/2020 - 15:46:17.981Open1692C:\malware.exeC:\rasadhlp.dll
8/6/2020 - 15:46:17.981Open1692C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
8/6/2020 - 15:46:17.981Open1692C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
8/6/2020 - 15:46:20.59Open1692C:\malware.exeC:\SAMLIB.dll
8/6/2020 - 15:46:20.59Open1692C:\malware.exeC:\Windows\SysWOW64\samlib.dll
8/6/2020 - 15:46:20.59Open1692C:\malware.exeC:\Windows\SysWOW64\samlib.dll
8/6/2020 - 15:46:20.434Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.434Write1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:20.450Unknown1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.450Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\malware.exe.Local
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:20.450Unknown1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
8/6/2020 - 15:46:20.450Open1692C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
8/6/2020 - 15:46:20.450Read1692C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
8/6/2020 - 15:46:20.465Open1692C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:20.465Open1692C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:20.465Open1692C:\malware.exeC:\Windows\System32\propsys.dll
8/6/2020 - 15:46:20.465Open1692C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:20.465Open1692C:\malware.exeC:\Windows\SysWOW64\propsys.dll
8/6/2020 - 15:46:20.465Open1692C:\malware.exeC:\Windows\System32\propsys.dll
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot\Music\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\Behemot\Music\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
8/6/2020 - 15:46:20.481Read1692C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
8/6/2020 - 15:46:20.481Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Users\Behemot\Links\desktop.ini
8/6/2020 - 15:46:20.497Read1692C:\malware.exeC:\Users\Behemot\Links\desktop.ini
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
8/6/2020 - 15:46:20.497Read1692C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\apphelp.dll
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:20.497Unknown1692C:\malware.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.497Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Read1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Read1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.684Open1692C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
8/6/2020 - 15:46:20.731Open1692C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:20.731Open1692C:\malware.exeC:\Windows\SysWOW64\shell32.dll
8/6/2020 - 15:46:20.731Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.731Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.731Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.731Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.731Open1692C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.747Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat:Zone.Identifier
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Write1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Read1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Open1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.793Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.840Unknown1692C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:20.840Open1692C:\malware.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:20.840Open1692C:\malware.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:20.840Open1692C:\malware.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.43Unknown1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:21.43Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
8/6/2020 - 15:46:21.43Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
8/6/2020 - 15:46:21.43Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
8/6/2020 - 15:46:21.43Unknown1692C:\malware.exeC:\Windows
8/6/2020 - 15:46:21.43Unknown1692C:\malware.exeC:\Monitor
8/6/2020 - 15:46:21.43Unknown1692C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
8/6/2020 - 15:46:21.43Open2452C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:21.90Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:46:21.90Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
8/6/2020 - 15:46:21.90Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
8/6/2020 - 15:46:21.106Open2452C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
8/6/2020 - 15:46:21.106Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
8/6/2020 - 15:46:21.106Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
8/6/2020 - 15:46:21.106Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.106Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
8/6/2020 - 15:46:21.106Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
8/6/2020 - 15:46:21.106Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.106Open2452C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
8/6/2020 - 15:46:21.106Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.106Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows
8/6/2020 - 15:46:21.153Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows
8/6/2020 - 15:46:21.153Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor
8/6/2020 - 15:46:21.450Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.450Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
8/6/2020 - 15:46:21.450Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:21.450Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
8/6/2020 - 15:46:21.450Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.450Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
8/6/2020 - 15:46:21.465Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor
8/6/2020 - 15:46:21.465Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Monitor
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\
8/6/2020 - 15:46:21.465Unknown2452C:\Windows\SysWOW64\cmd.exeC:\
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor
8/6/2020 - 15:46:21.465Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Monitor
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\"C:\Users\Behemot\AppData\Local\Temp\1151968.bat"
8/6/2020 - 15:46:21.465Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.465Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.512Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.528Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\malware.exe
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\malware.exe
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\malware.exe
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\malware.exe
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\malware.exe
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\Files\DeletedFiles
8/6/2020 - 15:46:21.528Delete2452C:\Windows\SysWOW64\cmd.exeC:\malware.exe
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\malware.exe
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\malware.exe
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Read2452C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\Malware
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Read2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Monitor\Files\DeletedFiles
8/6/2020 - 15:46:21.528Delete2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
8/6/2020 - 15:46:21.528Open2452C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\1151968.bat
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Windows
8/6/2020 - 15:46:21.528Unknown2452C:\Windows\SysWOW64\cmd.exeC:\Monitor

Process
Trace
8/6/2020 - 15:46:5.122Create1480C:\malware.exe1980C:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:7.450Terminate1480C:\malware.exe1980C:\Windows\SysWOW64\schtasks.exe
8/6/2020 - 15:46:7.497Create1480C:\malware.exe2756C:\malware.exe
8/6/2020 - 15:46:7.497Create1480C:\malware.exe1692C:\malware.exe
8/6/2020 - 15:46:7.684Terminate1480C:\malware.exe2756C:\malware.exe
8/6/2020 - 15:46:21.43Create1692C:\malware.exe2452C:\Windows\SysWOW64\cmd.exe
8/6/2020 - 15:46:21.43Terminate1480C:\malware.exe1692C:\malware.exe
8/6/2020 - 15:46:21.528Terminate1692C:\malware.exe2452C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
8/6/2020 - 15:46:4.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
8/6/2020 - 15:46:4.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
8/6/2020 - 15:46:4.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
8/6/2020 - 15:46:4.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
8/6/2020 - 15:46:4.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
8/6/2020 - 15:46:4.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
8/6/2020 - 15:46:4.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
8/6/2020 - 15:46:4.918Write1480C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
8/6/2020 - 15:46:8.825Write1692C:\malware.exeHKCU\Software\WinRARHWID
8/6/2020 - 15:46:13.934Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ContentCachePrefix
8/6/2020 - 15:46:13.950Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\CookiesCachePrefix
8/6/2020 - 15:46:13.950Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\HistoryCachePrefix
8/6/2020 - 15:46:20.747Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
8/6/2020 - 15:46:20.747Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
8/6/2020 - 15:46:20.747Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
8/6/2020 - 15:46:20.747Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
8/6/2020 - 15:46:20.747Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
8/6/2020 - 15:46:20.747Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
8/6/2020 - 15:46:20.747Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
8/6/2020 - 15:46:20.747Write1692C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect

File Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: True check_circle

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:50273 code touchofclass-drycleaners.co.uk.
computer localhost arrow_forward computer gateway:DNS code touchofclass-drycleaners.co.uk.

Response
computer gateway:DNS arrow_forward computer localhost code touchofclass-drycleaners.co.uk. reply_all 185.67.1.42


TCP
Info
185.67.1.42:80 arrow_forward computer localhost:65191
computer localhost:65191 arrow_forward 185.67.1.42:80

UDP
Info
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info
computer localhost send GET touchofclass-drycleaners.co.uk attach_file /shit.exe

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
True check_circle

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 70.64%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 74.83%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 53.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 58.92%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.91%
suspicious: True check_circle

Add to Collection
Download