Report #10755

  • Creation Date: June 24, 2020, 8:39 p.m.
  • Last Update: June 24, 2020, 8:43 p.m.
  • File: PO-K-128 IAN 340854.exe
  • Results:
Binary
DLL
False
Size
509.50KB
trid
39.9% Win32 Executable MS Visual C++
35.4% Win64 Executable
8.4% Win32 Dynamic Link Library
5.7% Win32 Executable
2.6% Win16/32 Executable Delphi generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
47b22c08eef449dc6e3e53842bb05ba6
sha1
30c80a6db45d0acc80ff97764c62893bddfe7ec0
crc32
0x57d97488
sha224
d4127538c4f6aac244c1204f597f6564c121ffca2725dea86d117606
sha256
5a2e0820c6fa8642f95dbce64665b75f36f697758a7f49aa163b796e192ff30e
sha384
fd18124618411b0c66176ac83e8c4927d50f9840736acf8bad49803e42a7e981d273aed870a37c2510c28aa42b623b3b
sha512
d93ea5d3a0ec01dabac629d48ee837b1c00ab18cc12915a67b03fa594b237da7df6fdd26038070f34769ea2624c2f3425fc26fd4c6d83ea33bc27da9b860b09b
ssdeep
12288:5QHk+nYkn4jm8fCxDQ5vHAKAeKIsGw1JuOoIolhRcDVc5zsDKrFk:mHiDjm8fCFKvAAKIsGZGol
Community
Google
False
HashLib
False
YARA
Matches
domain, anti_dbg, DebuggerCheck__QueryInfo, IP, contentis_base64, IsNET_EXE, IsPacked, DebuggerCheck__RemoteAPI, IsPE32, IsWindowsGUI

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 509 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: ntdll.dll, mscoree.dll, kernel32.dll
hasFiles: True
Suspicious: System.Xml, highscores.dat
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 429568
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: _h5!n+, .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 557066
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: ntdll.dll, mscoree.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-06-09 10:03:03
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
none: 213
.text: 3

pushpopmath
none: 124
.text: 8

ss register
none: 4

garbagebytes
none: 78

hookdetection
none: 6

software breakpoint
none: 7
.text: 2

fakeconditionaljumps
none: 9

programcontrolflowchange
none: 70

cpuinstructionsresultscomparison
none: 1
.rsrc: 1

AVclass
agensla
1
VirusTotal
md5
47b22c08eef449dc6e3e53842bb05ba6
sha1
30c80a6db45d0acc80ff97764c62893bddfe7ec0
SCANS (DETECTION RATE = 67.57%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200611
version: 18.4.3895.0
detected: True

CMC
update: 20200611
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=88)
update: 20200611
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200610
version: 6.35
detected: True

Bkav
update: 20200611
version: 1.3.0.9899
detected: False

K7GW
update: 20200609
version: 11.114.34350
detected: False

ALYac
update: 20200611
version: 1.1.1.5
detected: False

Avast
result: Win32:PWSX-gen [Trj]
update: 20200611
version: 18.4.3895.0
detected: True

Avira
result: TR/Dropper.MSIL.gyahu
update: 20200611
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 100)
update: 20200611
version: 4.0.0.24
detected: True

Cyren
update: 20200611
version: 6.3.0.2
detected: False

DrWeb
result: Trojan.Siggen9.52784
update: 20200611
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKD.33999037
update: 20200611
version: A:25.25893B:27.19054
detected: True

Panda
result: Trj/GdSda.A
update: 20200611
version: 4.6.4.2
detected: True

VBA32
result: CIL.HeapOverride.Heur
update: 20200611
version: 4.4.1
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200611
version: 84394
detected: True

Zoner
update: 20200611
version: 0.0.0.0
detected: False

ClamAV
update: 20200611
version: 0.102.3.0
detected: False

Comodo
result: Malware@#jr55vv4ppvsi
update: 20200611
version: 32526
detected: True

F-Prot
update: 20200611
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Inject
update: 20200611
version: 0.1.5.2
detected: True

McAfee
result: RDN/Generic.rp
update: 20200611
version: 6.0.6.653
detected: True

Rising
update: 20200611
version: 25.0.0.25
detected: False

Sophos
result: Troj/BladaB-PC
update: 20200611
version: 4.98.0
detected: True

Yandex
result: Trojan.AvsArher.bTQUeE
update: 20200611
version: 5.5.2.24
detected: True

Zillya
update: 20200611
version: 2.0.0.4108
detected: False

Acronis
update: 20200603
version: 1.1.1.76
detected: False

Alibaba
result: TrojanPSW:MSIL/Kryptik.7c69a484
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D206C8BD
update: 20200611
version: 1.0.0.875
detected: True

Cylance
result: Unsafe
update: 20200611
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20200608
version: 4.0.5
detected: True

FireEye
result: Generic.mg.47b22c08eef449dc
update: 20200611
version: 32.31.0.0
detected: True

Sangfor
update: 20200423
version: 1.0
detected: False

TACHYON
update: 20200611
version: 2020-06-11.02
detected: False

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200611
version: 1.0.0.1
detected: True

ViRobot
update: 20200611
version: 2014.3.20.0
detected: False

Webroot
update: 20200611
version: 1.0.0.403
detected: False

eGambit
result: Unsafe.AI_Score_99%
update: 20200611
detected: True

Ad-Aware
result: Trojan.GenericKD.33999037
update: 20200611
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.MSIL.Agensla.i!c
update: 20200611
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.33999037 (B)
update: 20200611
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/Dropper.MSIL.gyahu
update: 20200611
version: 12.0.86.52
detected: True

Fortinet
result: MSIL/Kryptik.WFL!tr
update: 20200611
version: 6.2.142.0
detected: True

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True

Jiangmin
update: 20200611
version: 16.0.100
detected: False

Kingsoft
update: 20200611
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200611
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20200611
version: 1.11.0.0
detected: True

Trapmine
update: 20200505
version: 3.2.25.947
detected: False

AhnLab-V3
result: Trojan/Win32.Kryptik.R339939
update: 20200611
version: 3.17.6.27456
detected: True

Antiy-AVL
update: 20200611
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200611
version: 15.0.1.13
detected: True

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200610
version: 1.0.0.1
detected: True

Microsoft
result: Trojan:Win32/Vigorf.A
update: 20200611
version: 1.1.17100.2
detected: True

Qihoo-360
result: Trojan.Generic
update: 20200611
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200611
version: 1.0
detected: True

Cybereason
result: malicious.db45d0
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: a variant of MSIL/Kryptik.WFL
update: 20200611
version: 21475
detected: True

TrendMicro
result: TROJ_GEN.R002C0RFA20
update: 20200611
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.33999037
update: 20200611
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 005684341 )
update: 20200611
version: 11.114.34374
detected: True

SentinelOne
result: DFI - Malicious PE
update: 20200601
version: 4.3.0.105
detected: True

Avast-Mobile
update: 20200611
version: 200611-00
detected: False

Malwarebytes
result: Trojan.Crypt
update: 20200611
version: 3.6.4.335
detected: True

TotalDefense
update: 20200611
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200611
version: 14.00
detected: False

NANO-Antivirus
result: Trojan.Win32.Kryptik.hkzvmb
update: 20200611
version: 1.0.134.25119
detected: True

BitDefenderTheta
result: Gen:NN.ZemsilF.34128.Fu0@aeA98Di
update: 20200609
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.33999037
update: 20200611
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200606
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.hc
update: 20200611
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0RFA20
update: 20200611
version: 10.0.0.1040
detected: True

total
74
sha256
5a2e0820c6fa8642f95dbce64665b75f36f697758a7f49aa163b796e192ff30e
scan_id
5a2e0820c6fa8642f95dbce64665b75f36f697758a7f49aa163b796e192ff30e-1591883018
resource
47b22c08eef449dc6e3e53842bb05ba6
positives
50
scan_date
2020-06-11 13:43:38
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
24/6/2020 - 19:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:48.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:45:49.528Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:50.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:50.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:51.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:53.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:53.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:54.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:54.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:54.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:54.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:54.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:54.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:55.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:56.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.168Open1480C:\malware.exeC:\ntdll.dll
24/6/2020 - 19:45:56.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:56.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:56.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:56.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:56.403Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
24/6/2020 - 19:45:56.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:56.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:45:56.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:56.918Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 19:45:56.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:57.12Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:45:57.12Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 19:45:57.153Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 19:45:57.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:57.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:57.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:57.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:57.481Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:45:57.622Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:57.622Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:45:57.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:57.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:57.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:57.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:57.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:57.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:57.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:57.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:58.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:58.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:45:58.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:58.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:45:58.106Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.247Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.247Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:58.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:59.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:59.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:59.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:45:59.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:40.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:40.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:40.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:40.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:40.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:40.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.184Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.dll
24/6/2020 - 19:46:41.184Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
24/6/2020 - 19:46:41.184Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.exe
24/6/2020 - 19:46:41.184Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
24/6/2020 - 19:46:41.184Open1480C:\malware.exeC:\pt\ReZer0V2.resources.dll
24/6/2020 - 19:46:41.184Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.dll
24/6/2020 - 19:46:41.184Open1480C:\malware.exeC:\pt\ReZer0V2.resources.exe
24/6/2020 - 19:46:41.184Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.exe
24/6/2020 - 19:46:41.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:41.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:41.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:41.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:41.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:41.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:41.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:41.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:41.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.934Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
24/6/2020 - 19:46:41.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:41.981Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:41.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:42.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:42.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:46:42.168Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:46:42.168Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.403Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:42.403Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 19:46:42.403Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:46:42.403Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:46:42.403Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.403Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 19:46:42.403Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.403Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.403Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:46:42.497Open1480C:\malware.exeC:\shfolder.dll
24/6/2020 - 19:46:42.497Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 19:46:42.497Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 19:46:42.731Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exe
24/6/2020 - 19:46:42.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:42.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:42.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:42.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:42.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:42.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.481Open1480C:\malware.exeC:\ntmarta.dll
24/6/2020 - 19:46:43.481Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
24/6/2020 - 19:46:43.481Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
24/6/2020 - 19:46:43.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exe
24/6/2020 - 19:46:43.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exe
24/6/2020 - 19:46:43.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.575Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:43.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.715Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.715Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.715Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.762Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.762Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.762Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:43.762Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.918Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exe
24/6/2020 - 19:46:43.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:43.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:43.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:44.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:44.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:44.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:44.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:44.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exe
24/6/2020 - 19:46:44.247Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:44.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:44.247Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\oYQIOzzZbo.exeoYQIOzzZbo.exe
24/6/2020 - 19:46:44.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 19:46:44.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
24/6/2020 - 19:46:44.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpF28B.tmp
24/6/2020 - 19:46:44.668Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpF28B.tmp
24/6/2020 - 19:46:44.668Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpF28B.tmp
24/6/2020 - 19:46:44.668Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpF28B.tmp
24/6/2020 - 19:46:44.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Monitor
24/6/2020 - 19:46:44.762Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\PROPSYS.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:44.762Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
24/6/2020 - 19:46:44.762Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\apphelp.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.762Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\
24/6/2020 - 19:46:44.762Unknown1480C:\malware.exeC:\
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:44.762Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.762Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.762Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.778Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.778Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.778Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.778Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.778Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.778Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.778Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.778Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.840Unknown1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
24/6/2020 - 19:46:44.840Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
24/6/2020 - 19:46:44.840Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:44.840Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:44.840Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
24/6/2020 - 19:46:44.856Open1480C:\malware.exeC:\Monitor\schtasks.exe
24/6/2020 - 19:46:44.856Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:44.856Open1480C:\malware.exeC:\
24/6/2020 - 19:46:44.856Unknown1480C:\malware.exeC:\
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:44.872Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.872Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
24/6/2020 - 19:46:44.872Read1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\System32\propsys.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\System32\propsys.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Secur32.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
24/6/2020 - 19:46:44.872Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
24/6/2020 - 19:46:44.934Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:44.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\
24/6/2020 - 19:46:44.950Unknown1480C:\malware.exeC:\
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:44.950Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.950Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.950Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:44.950Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Monitor
24/6/2020 - 19:46:44.950Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 19:46:44.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:45.137Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
24/6/2020 - 19:46:45.137Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:45.137Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:45.137Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:45.137Open1480C:\malware.exeC:\
24/6/2020 - 19:46:45.137Unknown1480C:\malware.exeC:\
24/6/2020 - 19:46:45.137Open1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:45.137Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 19:46:45.137Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:45.137Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:45.137Open1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:45.137Unknown1480C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 19:46:45.137Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:45.137Read1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 19:46:47.903Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 19:46:47.903Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:47.903Unknown2264C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:47.903Unknown2264C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\
24/6/2020 - 19:46:47.903Unknown2264C:\malware.exeC:\
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Monitor
24/6/2020 - 19:46:47.903Unknown2264C:\malware.exeC:\Monitor
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Monitor\Malware
24/6/2020 - 19:46:47.903Unknown2264C:\malware.exeC:\Monitor\Malware
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:47.903Unknown2264C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 19:46:47.903Open2264C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:47.965Open2264C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:48.12Unknown2264C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\malware.config
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:48.12Unknown2264C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\Monitor\Malware
24/6/2020 - 19:46:48.12Unknown2264C:\malware.exeC:\Monitor\Malware
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:48.12Unknown2264C:\malware.exeC:\malware.exe
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:48.12Unknown2264C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:48.12Open2264C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\pubpol4.dat
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:48.43Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.43Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.43Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.43Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.43Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:48.43Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:48.43Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:46:48.106Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:48.106Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:48.106Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.153Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.247Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.293Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.340Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.387Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.434Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.481Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.528Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.575Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:48.622Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:48.668Unknown2264C:\malware.exeC:\Users\Behemot
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:48.668Unknown2264C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:48.668Unknown2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 19:46:48.668Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Read2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Unknown2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\bcrypt.dll
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 19:46:48.668Open2264C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 19:46:48.668Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:46:48.715Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.762Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.809Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.856Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.903Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.950Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:48.997Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.43Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.90Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.137Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.184Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.231Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.278Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.325Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.372Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.418Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.465Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.512Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.559Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.606Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.653Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.700Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.747Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:49.793Open2264C:\malware.exeC:\dwmapi.dll
24/6/2020 - 19:46:49.793Open2264C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:46:49.793Open2264C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 19:46:49.793Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:49.840Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:49.887Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:49.934Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:49.981Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:50.28Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:50.75Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:50.122Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:50.168Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:50.262Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:50.309Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:46:50.356Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:50.403Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:50.403Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\VERSION.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 19:46:50.403Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:50.450Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:50.497Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 19:46:50.543Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
24/6/2020 - 19:47:1.934Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:1.934Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\CRYPTSP.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:1.934Open2264C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 19:47:2.43Open2264C:\malware.exeC:\RpcRtRemote.dll
24/6/2020 - 19:47:2.43Open2264C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 19:47:2.43Unknown2264C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 19:47:2.43Open2264C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 19:47:2.43Unknown2264C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 19:47:2.90Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
24/6/2020 - 19:47:2.90Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
24/6/2020 - 19:47:2.90Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
24/6/2020 - 19:47:2.90Open2264C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
24/6/2020 - 19:47:2.90Open2264C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
24/6/2020 - 19:47:2.106Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
24/6/2020 - 19:47:2.106Unknown2264C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
24/6/2020 - 19:47:2.106Open2264C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:47:2.106Open2264C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 19:47:2.106Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
24/6/2020 - 19:47:2.106Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
24/6/2020 - 19:47:2.106Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
24/6/2020 - 19:47:2.106Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
24/6/2020 - 19:47:2.356Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
24/6/2020 - 19:47:2.356Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
24/6/2020 - 19:47:2.825Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
24/6/2020 - 19:47:2.825Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
24/6/2020 - 19:47:2.825Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
24/6/2020 - 19:47:2.825Open2264C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
24/6/2020 - 19:47:2.825Open2264C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:3.262Open2264C:\malware.exeC:\SXS.DLL
24/6/2020 - 19:47:3.262Open2264C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 19:47:3.262Open2264C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 19:47:3.262Open2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:3.262Read2264C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 19:47:37.168Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:37.215Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:37.262Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:37.309Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:37.356Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:37.403Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:37.450Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:37.497Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:37.543Open2264C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
24/6/2020 - 19:47:37.543Open2264C:\malware.exeC:\vaultcli.dll
24/6/2020 - 19:47:37.543Open2264C:\malware.exeC:\vaultcli.dll
24/6/2020 - 19:47:37.543Open2264C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
24/6/2020 - 19:47:37.543Open2264C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
24/6/2020 - 19:47:38.403Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:38.403Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:38.403Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
24/6/2020 - 19:47:38.403Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:38.418Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Read2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Read2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Read2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Read2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Read2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:38.418Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
24/6/2020 - 19:47:38.418Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
24/6/2020 - 19:47:38.434Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
24/6/2020 - 19:47:38.434Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
24/6/2020 - 19:47:38.434Open2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:38.481Open2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:38.762Open2264C:\malware.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 19:47:38.762Open2264C:\malware.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 19:47:38.762Open2264C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
24/6/2020 - 19:47:38.809Open2264C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
24/6/2020 - 19:47:39.184Open2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 19:47:39.184Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
24/6/2020 - 19:47:39.184Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
24/6/2020 - 19:47:39.184Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 19:47:39.184Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 19:47:39.184Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 19:47:39.184Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\malware.exe.Local
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:39.200Unknown2264C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:39.200Unknown2264C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 19:47:39.200Unknown2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.200Open2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:47:39.200Unknown2264C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 19:47:39.200Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.215Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.215Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.215Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.215Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.215Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.262Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.309Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.356Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.403Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.450Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.497Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.543Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.590Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.637Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.684Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.731Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.778Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.825Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 19:47:39.872Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
24/6/2020 - 19:47:39.872Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
24/6/2020 - 19:47:39.872Open2264C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
24/6/2020 - 19:47:39.872Open2264C:\malware.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
24/6/2020 - 19:47:39.872Open2264C:\malware.exeC:\Users\Behemot\AppData\Local\UCBrowser
24/6/2020 - 19:47:53.247Read2264C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll

Process
Trace
24/6/2020 - 19:46:45.137 | Create | 1480 | C:\malware.exe | 2756 | C:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:47.262 | Terminate | 1480 | C:\malware.exe | 2756 | C:\Windows\SysWOW64\schtasks.exe
24/6/2020 - 19:46:47.340 | Create | 1480 | C:\malware.exe | 2264 | C:\malware.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
24/6/2020 - 19:46:44.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 19:46:44.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 19:46:44.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 19:46:44.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 19:46:44.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
24/6/2020 - 19:46:44.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
24/6/2020 - 19:46:44.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
24/6/2020 - 19:46:44.934 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
24/6/2020 - 19:47:19.575 | Write | 2264 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | YYtJku

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 43.23%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 65.96%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 62.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 73.02%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True
