Report #10761 check_circle

Binary
DLL
False cancel
Size
351.50KB
trid
81.0% Generic CIL Executable
7.2% Win32 Dynamic Link Library
4.9% Win32 Executable
2.2% OS/2 Executable
2.2% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
9f7b2a95c1e456d577a7d929705b4b86
sha1
b5df4c016acd04e5b8c06129bd915bfd7f94b48d
crc32
0xf026e66d
sha224
392d9961d9a8ee15eb6bbc7e6088bbdda399485d745e8c3aa2608b2e
sha256
5d45333978e4e002d9a5c293f6ea8e19a93154fc5e3a7401c793ebeda53588ee
sha384
f7a565794c56afeb93e13b3856232c029d030a41ca28fc598b50db3081fe06a2b531043d175bdfa86f3140248af33162
sha512
6ecd5c288177f65fcc97fbc9e170886754a84598fe7967f4dd41bd4ecb04e3ed870f33932b0f88fa40dfb75b33f1ee321032cde23bc9ec34357d8dbb197e5644
ssdeep
6144:kXT7UWbqeTUQD8h/EEc7knQanz4FV00M0x7QUGSK/tRFpjLTCvVkf:Q7UWbvUQgPc7Jy4bi0x7QUYRFpjLTMkf
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, anti_dbg, Microsoft_Visual_Studio_NET_additional, DebuggerCheck__QueryInfo, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Strings
List
o.cR
System.IO
-.LK
u.tf
1.0.0.8
1.0.1.1
1.0.1.1
1.0.1.1
ntdll.dll
d}%5ligYG
O(0%s
s%iE-
%e\Coh
Next
%AtnE
System.Windows.Forms
mscoree.dll
AMKN9RvlDoD7Qjl.exe
AMKN9RvlDoD7Qjl.exe
AMKN9RvlDoD7Qjl.exe
OutputDebugString
tCpr
IsDebuggerPresent
Debugger
password
%/4-
Sleep
!@s&o,
$16795ade-acd5-44c8-b08b-dbf169f99338
Random
set_IsBackground
4EysE0*p
_CorExeMain
7=8\W/)it
/MnHT{'i
:Uv-Se2]A
#~NiR5OoD.
get_UTF8
lnu!SKI0
button1_Click
button2_Click
i,40Cre}
35cca.resources
7l(SVI5
3h9D+wE
get_ProcessName
3to*lB0;
get_CurrentJob
set_ShiftsToWork
get_CurrentThread
,iYnde5)
+UBSe[?EN
get_CurrentDomain
get_Controls
get_IsAttached
get_ShiftsLeft
op_Equality
get_Value
get_IsAlive
get_FullName
get_Text
get_Size
get_Name
set_Name
set_Text
?FyaemjP
lE9W"i\
op_Explicit
get_Message
get_Handle
k3E@vhu
coR=7'v
do|V@3br
!Af0V-tn
;h%!YNGap
+,%IsdYmf\
set_SelectedIndex
add_AssemblyResolve
?Tf9h2y`dy
rwA??~)
GetProcessById
System.Text
#Strings
*B],LE G;U6
groupBox1
>AE@wh_
get_Length
RuntimeCompatibilityAttribute
components
InitializeComponent
<Module>
Comments
0;_PHVNwM
Win32Exception
CallByName
AsrAvE9k
GetElementType
CompanyName
Environment
D^aUET/

Foremost
Matches
0.exe, 351 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed
Suspicious: 1.0.0.8, 0, Unknown, 1.0.1.1, 0, Unknown
hasAllowed: False cancel
hasSuspicious: True check_circle

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: kernel32.dll, mscoree.dll, ntdll.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2048
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 8.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 365534
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: kernel32.dll, mscoree.dll, ntdll.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-06-07 17:48:46
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 166

pushpopmath
.text: 107

ss register
.text: 5

garbagebytes
.text: 63

hookdetection
.text: 4

software breakpoint
.text: 7

fakeconditionaljumps
.text: 1

programcontrolflowchange
.text: 62

cpuinstructionsresultscomparison
.text: 15

AVclass
None
1
VirusTotal
md5
9f7b2a95c1e456d577a7d929705b4b86
sha1
b5df4c016acd04e5b8c06129bd915bfd7f94b48d
SCANS (DETECTION RATE = 46.48%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200608
version: 18.4.3895.0
detected: True check_circle

MAX
update: 20200608
version: 2019.9.16.1
detected: False cancel

APEX
result: Malicious
update: 20200607
version: 6.33
detected: True check_circle

Bkav
update: 20200606
version: 1.3.0.9899
detected: False cancel

K7GW
result: Trojan ( 00567de21 )
update: 20200608
version: 11.113.34333
detected: True check_circle

ALYac
update: 20200608
version: 1.1.1.5
detected: False cancel

Avast
result: Win32:PWSX-gen [Trj]
update: 20200608
version: 18.4.3895.0
detected: True check_circle

Avira
update: 20200608
version: 8.3.3.8
detected: False cancel

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/MSIL_Kryptik.AVB.gen!Eldorado
update: 20200608
version: 6.3.0.2
detected: True check_circle

DrWeb
update: 20200608
version: 7.0.46.3050
detected: False cancel

GData
result: Win32.Trojan-Stealer.AgentTesla.3UDI51
update: 20200608
version: A:25.25866B:27.19017
detected: True check_circle

Panda
update: 20200607
version: 4.6.4.2
detected: False cancel

VBA32
update: 20200605
version: 4.4.1
detected: False cancel

VIPRE
update: 20200608
version: 84310
detected: False cancel

Zoner
update: 20200607
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200607
version: 0.102.3.0
detected: False cancel

Comodo
update: 20200608
version: 32516
detected: False cancel

F-Prot
result: W32/MSIL_Kryptik.AVB.gen!Eldorado
update: 20200608
version: 4.7.1.166
detected: True check_circle

Ikarus
update: 20200607
version: 0.1.5.2
detected: False cancel

McAfee
update: 20200608
version: 6.0.6.653
detected: False cancel

Rising
result: Trojan.Kryptik!8.8 (CLOUD)
update: 20200608
version: 25.0.0.25
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20200608
version: 4.98.0
detected: True check_circle

Yandex
update: 20200606
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200606
version: 2.0.0.4105
detected: False cancel

Acronis
update: 20200603
version: 1.1.1.76
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
update: 20200608
version: 1.0.0.875
detected: False cancel

Cylance
result: Unsafe
update: 20200608
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20200529
version: 4.0.4
detected: True check_circle

FireEye
result: Generic.mg.9f7b2a95c1e456d5
update: 20200608
version: 32.31.0.0
detected: True check_circle

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True check_circle

TACHYON
update: 20200608
version: 2020-06-08.02
detected: False cancel

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200608
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20200608
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200608
version: 1.0.0.403
detected: False cancel

eGambit
result: Unsafe.AI_Score_100%
update: 20200608
detected: True check_circle

Ad-Aware
update: 20200608
version: 3.0.5.370
detected: False cancel

AegisLab
result: Trojan.Multi.Generic.4!c
update: 20200608
version: 4.2
detected: True check_circle

Emsisoft
update: 20200605
version: 2018.12.0.1641
detected: False cancel

F-Secure
update: 20200608
version: 12.0.86.52
detected: False cancel

Fortinet
result: MSIL/Kryptik.WFJ!tr
update: 20200608
version: 6.2.142.0
detected: True check_circle

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True check_circle

Jiangmin
update: 20200607
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200608
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200608
version: 1.0
detected: True check_circle

Symantec
result: ML.Attribute.HighConfidence
update: 20200607
version: 1.11.0.0
detected: True check_circle

Trapmine
update: 20200505
version: 3.2.25.947
detected: False cancel

AhnLab-V3
update: 20200607
version: 3.17.6.27456
detected: False cancel

Antiy-AVL
update: 20200607
version: 3.0.0.1
detected: False cancel

Kaspersky
result: UDS:DangerousObject.Multi.Generic
update: 20200608
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20200606
version: 1.0.0.1
detected: False cancel

Microsoft
result: Trojan:Win32/Occamy.C5D
update: 20200608
version: 1.1.17100.2
detected: True check_circle

Qihoo-360
result: HEUR/QVM03.0.C401.Malware.Gen
update: 20200608
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: UDS:DangerousObject.Multi.Generic
update: 20200608
version: 1.0
detected: True check_circle

Cybereason
result: malicious.16acd0
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Kryptik.WFJ
update: 20200608
version: 21456
detected: True check_circle

TrendMicro
update: 20200608
version: 11.0.0.1006
detected: False cancel

BitDefender
update: 20200608
version: 7.2
detected: False cancel

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 00567de21 )
update: 20200608
version: 11.113.34332
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20200601
version: 4.3.0.105
detected: True check_circle

Avast-Mobile
update: 20200608
version: 200608-00
detected: False cancel

Malwarebytes
result: Trojan.Crypt.MSIL
update: 20200608
version: 3.6.4.335
detected: True check_circle

CAT-QuickHeal
update: 20200608
version: 14.00
detected: False cancel

NANO-Antivirus
update: 20200608
version: 1.0.134.25112
detected: False cancel

BitDefenderTheta
result: Gen:NN.ZemsilF.34126.vm0@aamqrEl
update: 20200603
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
update: 20200608
version: 14.0.409.0
detected: False cancel

SUPERAntiSpyware
update: 20200605
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.fc
update: 20200608
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.F0D1C00F820
update: 20200608
version: 10.0.0.1040
detected: True check_circle

total
71
sha256
5d45333978e4e002d9a5c293f6ea8e19a93154fc5e3a7401c793ebeda53588ee
scan_id
5d45333978e4e002d9a5c293f6ea8e19a93154fc5e3a7401c793ebeda53588ee-1591604704
resource
9f7b2a95c1e456d577a7d929705b4b86
positives
33
scan_date
2020-06-08 08:25:04
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
24/6/2020 - 20:45:43.606Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:43.622Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\
24/6/2020 - 20:45:43.622Unknown1480C:\malware.exeC:\
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\Windows
24/6/2020 - 20:45:43.622Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 20:45:43.622Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:43.622Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:45.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:45:45.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:45.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:45.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:45.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:45.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:45.90Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:45.90Open1480C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:45:45.90Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
24/6/2020 - 20:45:45.106Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
24/6/2020 - 20:45:45.168Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
24/6/2020 - 20:45:45.168Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
24/6/2020 - 20:45:45.168Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 20:45:45.262Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:45:45.262Unknown1480C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:45:45.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 20:45:45.262Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.262Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 20:45:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:45.293Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:45:45.481Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\
24/6/2020 - 20:45:45.481Unknown1480C:\malware.exeC:\
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\Monitor
24/6/2020 - 20:45:45.481Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:45:45.481Unknown1480C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:45:45.481Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:45:45.481Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:45:45.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:45:45.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:45:45.512Open1480C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:45:45.512Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:45:45.512Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:45:45.512Open1480C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:45:45.512Unknown1480C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:45:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.512Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:45:45.512Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:45:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.528Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:45:45.528Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:45:45.715Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:45:45.715Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:45:45.715Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:45.715Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:45.715Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:45.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:46.934Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
24/6/2020 - 20:45:46.934Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
24/6/2020 - 20:45:46.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:45:46.934Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:46.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:45:46.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:46.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:46.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:46.950Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:46.950Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:45:46.997Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 20:45:47.137Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.137Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 20:45:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:47.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.403Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:48.590Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:48.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:49.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Open1480C:\malware.exeC:\ntdll.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:50.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.668Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 20:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.668Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:50.668Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 20:45:50.684Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 20:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.731Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 20:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.872Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:50.872Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 20:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:50.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:50.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:51.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:51.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:51.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:51.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:51.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:51.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:51.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:51.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:51.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:51.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:51.340Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.481Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.481Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:52.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:53.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:53.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:53.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:45:53.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:53.778Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:53.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:53.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:53.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:53.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:54.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:54.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:54.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:54.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:54.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
24/6/2020 - 20:45:55.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
24/6/2020 - 20:45:55.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:45:55.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:45:55.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:45:55.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
24/6/2020 - 20:45:55.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.340Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:55.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:55.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:55.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:55.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\VERSION.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.700Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.793Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:55.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:55.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:56.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:56.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.106Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:57.153Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:57.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.528Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:45:57.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:57.856Open1480C:\malware.exeC:\mkeemlCuiCkCmgdaVudmEQBAztWAA.dll
24/6/2020 - 20:45:57.856Open1480C:\malware.exeC:\mkeemlCuiCkCmgdaVudmEQBAztWAA\mkeemlCuiCkCmgdaVudmEQBAztWAA.dll
24/6/2020 - 20:45:57.856Open1480C:\malware.exeC:\mkeemlCuiCkCmgdaVudmEQBAztWAA.exe
24/6/2020 - 20:45:57.856Open1480C:\malware.exeC:\mkeemlCuiCkCmgdaVudmEQBAztWAA\mkeemlCuiCkCmgdaVudmEQBAztWAA.exe
24/6/2020 - 20:45:57.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:45:57.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:45:58.90Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:45:58.90Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:45:58.90Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:58.90Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:58.90Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:58.90Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:45:58.90Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
24/6/2020 - 20:45:58.90Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 20:45:58.90Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 20:45:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 20:45:58.106Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:58.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\WindowsCodecs.dll
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
24/6/2020 - 20:45:58.106Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
24/6/2020 - 20:45:58.106Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
24/6/2020 - 20:45:58.106Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
24/6/2020 - 20:45:58.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:45:58.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:58.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:45:59.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.dll
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.exe
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\pt\ReZer0V2.resources.dll
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.dll
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\pt\ReZer0V2.resources.exe
24/6/2020 - 20:46:0.43Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.exe
24/6/2020 - 20:46:0.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:0.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:0.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:0.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.747Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.747Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.747Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.747Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.747Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.747Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 20:46:0.747Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
24/6/2020 - 20:46:0.747Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.793Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.793Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.793Open1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.793Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.793Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.793Unknown1480C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
24/6/2020 - 20:46:0.793Read1928C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
24/6/2020 - 20:46:0.793Open1928C:\malware.exe\Device\HarddiskVolume2
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Windows\assembly
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Windows\assembly
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Windows\assembly
24/6/2020 - 20:46:0.793Open1928C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 20:46:0.793Unknown1928C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 20:46:0.793Read1928C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 20:46:0.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.856Unknown1928C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
24/6/2020 - 20:46:0.856Read2948C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
24/6/2020 - 20:46:0.856Open2948C:\malware.exe\Device\HarddiskVolume2
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\Favorites
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\assembly
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 20:46:0.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 20:46:0.856Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\Globalization
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Globalization
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Globalization
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.856Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
24/6/2020 - 20:46:0.856Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\Temp
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\Temp
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\Temp
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\apisetschema.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
24/6/2020 - 20:46:0.872Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 20:46:0.872Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\SysWOW64\psapi.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\psapi.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\Temp\TMP000000A13589B7957053C575
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[2].XML
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 20:46:0.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[2].XML
24/6/2020 - 20:46:0.887Read2948C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 20:46:0.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows\SysWOW64\psapi.dll
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exe\Device\HarddiskVolume2
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\System32\wow64log.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.887Unknown2948C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:0.887Open2948C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.903Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.903Open2948C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.903Open1928C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 20:46:0.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.903Unknown1928C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 20:46:0.903Unknown1928C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
24/6/2020 - 20:46:0.903Open1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 20:46:0.903Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 20:46:0.903Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
24/6/2020 - 20:46:0.903Open1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 20:46:0.903Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 20:46:0.903Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
24/6/2020 - 20:46:0.903Open1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 20:46:0.903Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Globalization
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Globalization
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Globalization
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Globalization\Sorting
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Temp
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Temp
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Temp
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\apisetschema.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 20:46:0.918Unknown1928C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 20:46:0.918Open1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Windows\SysWOW64\psapi.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\psapi.dll
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Windows\Temp\TMP000000A13589B7957053C575
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[2].XML
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\locale.nls
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[7].XML
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
24/6/2020 - 20:46:0.934Open1928C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[2].XML
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\ntdll.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\wow64.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\wow64win.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\wow64cpu.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\kernel32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\user32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\sechost.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\user32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\lpk.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\usp10.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\imm32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\msctf.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\mctres.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\shell32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\ole32.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\profapi.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\SysWOW64\psapi.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exeC:\Windows\System32\WindowsCodecsExt.dllWindowsCodecsExt.dll
24/6/2020 - 20:46:0.934Unknown1928C:\malware.exe\Device\HarddiskVolume2
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\Windows
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.934Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:0.934Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:0.950Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.950Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.950Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.950Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.950Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\Monitor
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.950Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
24/6/2020 - 20:46:0.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:0.950Open2948C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
24/6/2020 - 20:46:0.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:0.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1116640
24/6/2020 - 20:46:0.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1116703
24/6/2020 - 20:46:0.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1116796
24/6/2020 - 20:46:1.28Open2948C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
24/6/2020 - 20:46:1.28Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:1.28Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
24/6/2020 - 20:46:1.28Open2948C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:1.28Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:1.28Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:1.28Open2948C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:1.28Unknown2948C:\malware.exeC:\Monitor\Malware
24/6/2020 - 20:46:1.28Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:1.28Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:1.43Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:1.43Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:1.43Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
24/6/2020 - 20:46:1.43Open2948C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:1.43Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:1.43Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:1.43Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\pubpol4.dat
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:1.59Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:1.59Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.59Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.59Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.59Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.59Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.59Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 20:46:1.59Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
24/6/2020 - 20:46:1.59Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 20:46:1.59Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
24/6/2020 - 20:46:1.59Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.59Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.59Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.59Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:1.122Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:1.122Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:1.122Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:1.122Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:1.122Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:1.122Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\CRYPTSP.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\RpcRtRemote.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 20:46:1.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 20:46:1.168Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 20:46:1.168Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 20:46:1.168Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.231Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.231Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:1.231Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:1.278Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.325Unknown1480C:\malware.exeC:\Windows
24/6/2020 - 20:46:1.325Unknown1480C:\malware.exeC:\Monitor
24/6/2020 - 20:46:1.325Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:1.325Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:1.325Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
24/6/2020 - 20:46:1.340Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.387Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.434Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:1.481Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:1.528Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:1.575Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:1.622Unknown2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:1.622Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Windows\Globalization\pt-br.nlp
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:1.622Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:1.622Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.622Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.622Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.622Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.622Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.622Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.622Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\bcrypt.dll
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 20:46:1.622Open2948C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
24/6/2020 - 20:46:1.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:1.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:1.715Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.762Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.809Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.856Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.903Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.950Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:1.997Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.43Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.90Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.137Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.184Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.231Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.278Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.325Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.372Open2948C:\malware.exeC:\dwmapi.dll
24/6/2020 - 20:46:2.372Open2948C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 20:46:2.372Open2948C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
24/6/2020 - 20:46:2.372Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.465Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.512Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.559Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.606Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.653Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:2.700Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.747Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.793Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.840Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.887Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.934Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:2.981Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:3.28Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:3.28Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\VERSION.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\SysWOW64\version.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:3.28Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:3.75Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:3.122Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
24/6/2020 - 20:46:14.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:14.590Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
24/6/2020 - 20:46:14.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:14.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\CRYPTSP.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.590Open2948C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
24/6/2020 - 20:46:14.606Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:14.700Open2948C:\malware.exeC:\RpcRtRemote.dll
24/6/2020 - 20:46:14.700Open2948C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 20:46:14.700Unknown2948C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 20:46:14.700Open2948C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
24/6/2020 - 20:46:14.700Unknown2948C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
24/6/2020 - 20:46:14.747Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:14.747Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
24/6/2020 - 20:46:14.747Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
24/6/2020 - 20:46:14.747Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
24/6/2020 - 20:46:14.747Open2948C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
24/6/2020 - 20:46:14.747Open2948C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
24/6/2020 - 20:46:14.747Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
24/6/2020 - 20:46:14.747Unknown2948C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
24/6/2020 - 20:46:14.747Open2948C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:14.747Open2948C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
24/6/2020 - 20:46:14.762Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
24/6/2020 - 20:46:14.762Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
24/6/2020 - 20:46:14.762Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
24/6/2020 - 20:46:14.762Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
24/6/2020 - 20:46:15.59Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
24/6/2020 - 20:46:15.59Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
24/6/2020 - 20:46:15.528Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
24/6/2020 - 20:46:15.528Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
24/6/2020 - 20:46:15.528Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
24/6/2020 - 20:46:15.528Open2948C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
24/6/2020 - 20:46:15.528Open2948C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:15.950Open2948C:\malware.exeC:\SXS.DLL
24/6/2020 - 20:46:15.950Open2948C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 20:46:15.950Open2948C:\malware.exeC:\Windows\SysWOW64\sxs.dll
24/6/2020 - 20:46:15.950Open2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.950Open2948C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
24/6/2020 - 20:46:15.950Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:15.965Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.965Read2948C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
24/6/2020 - 20:46:15.965Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:16.434Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 20:46:16.434Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:16.434Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 20:46:16.434Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 20:46:16.434Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 20:46:16.434Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:16.434Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:16.434Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:16.450Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
24/6/2020 - 20:46:16.450Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.450Read2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.450Unknown2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
24/6/2020 - 20:46:16.450Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:16.450Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:16.450Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:16.450Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:16.450Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:16.450Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:16.450Open2948C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
24/6/2020 - 20:46:17.403Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
24/6/2020 - 20:46:17.403Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:17.403Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.465Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.465Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:17.512Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.512Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.559Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.606Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:17.653Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:17.700Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 20:46:17.747Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 20:46:17.747Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 20:46:17.747Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 20:46:17.793Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 20:46:17.840Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 20:46:17.887Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 20:46:17.934Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
24/6/2020 - 20:46:17.934Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 20:46:17.934Open2948C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:17.934Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:17.934Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:17.934Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:17.934Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
24/6/2020 - 20:46:17.934Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
24/6/2020 - 20:46:18.122Read2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:18.450Open2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
24/6/2020 - 20:46:22.778Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:25.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:25.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:25.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:25.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:25.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:28.684Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:28.731Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:28.809Read2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
24/6/2020 - 20:46:28.903Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users\Behemot\AppData
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users\Behemot
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Read2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Write2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Write2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Read2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Read2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Write2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Write2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Read2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Read2948C:\malware.exeC:\malware.exe
24/6/2020 - 20:46:31.997Write2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Write2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:31.997Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:36.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:36.168Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe
24/6/2020 - 20:46:36.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\newapp\newapp.exe:Zone.Identifier
24/6/2020 - 20:46:47.497Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.543Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.637Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.684Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.731Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.778Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.825Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.872Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.918Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:47.965Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.12Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.59Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.106Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.153Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.200Open2948C:\malware.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 20:46:48.200Open2948C:\malware.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 20:46:48.200Open2948C:\malware.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 20:46:48.200Open2948C:\malware.exeC:\Windows\SysWOW64\tzres.dll
24/6/2020 - 20:46:48.200Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.247Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.293Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.340Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:48.387Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.434Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.481Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.528Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:48.575Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
24/6/2020 - 20:46:48.668Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:48.668Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
24/6/2020 - 20:46:48.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:48.715Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:48.762Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:48.809Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:48.856Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:48.903Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:48.950Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:48.997Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:49.90Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
24/6/2020 - 20:46:49.90Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:49.137Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:49.184Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:49.231Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:49.278Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:49.325Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:49.372Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:49.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:49.465Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:49.512Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 20:46:49.606Unknown2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.606Open2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
24/6/2020 - 20:46:49.606Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.653Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.700Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.747Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.793Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.840Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.887Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.934Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:49.981Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.28Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.75Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.122Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.168Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.215Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.262Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.309Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.356Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.403Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:50.450Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
24/6/2020 - 20:46:50.450Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.497Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.543Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.637Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.684Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.731Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.778Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:50.825Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:50.825Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.825Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:50.825Unknown2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:50.825Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
24/6/2020 - 20:46:50.825Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.872Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.918Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:50.965Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:51.12Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:51.59Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:51.106Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:51.106Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:51.153Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:51.200Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:51.200Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:51.200Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:51.200Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:51.200Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:51.200Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:51.200Read2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
24/6/2020 - 20:46:51.200Open2948C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:51.200Open2948C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:51.200Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:51.247Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:51.293Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:51.340Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:51.387Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:51.434Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:51.481Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:51.528Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:51.575Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:51.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:51.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:51.715Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
24/6/2020 - 20:46:51.715Open2948C:\malware.exeC:\rasapi32.dll
24/6/2020 - 20:46:51.715Open2948C:\malware.exeC:\Windows\SysWOW64\rasapi32.dll
24/6/2020 - 20:46:51.715Open2948C:\malware.exeC:\Windows\SysWOW64\rasapi32.dll
24/6/2020 - 20:46:51.997Open2948C:\malware.exeC:\rasman.dll
24/6/2020 - 20:46:51.997Open2948C:\malware.exeC:\Windows\SysWOW64\rasman.dll
24/6/2020 - 20:46:51.997Open2948C:\malware.exeC:\Windows\SysWOW64\rasman.dll
24/6/2020 - 20:46:52.372Open2948C:\malware.exeC:\rtutils.dll
24/6/2020 - 20:46:52.372Open2948C:\malware.exeC:\Windows\SysWOW64\rtutils.dll
24/6/2020 - 20:46:52.418Open2948C:\malware.exeC:\Windows\SysWOW64\rtutils.dll
24/6/2020 - 20:46:52.700Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:52.747Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:52.793Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
24/6/2020 - 20:46:52.793Open2948C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 20:46:52.793Open2948C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
24/6/2020 - 20:46:52.793Open2948C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 20:46:52.793Open2948C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
24/6/2020 - 20:46:52.840Open2948C:\malware.exeC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 20:46:52.840Open2948C:\malware.exeC:\Windows\SysWOW64\wship6.dll
24/6/2020 - 20:46:52.840Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:52.887Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
24/6/2020 - 20:46:52.934Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:52.981Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.28Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.75Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.122Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.168Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.215Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.262Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.356Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.403Open2948C:\malware.exeC:\Windows\Globalization\en-us.nlp
24/6/2020 - 20:46:53.403Open2948C:\malware.exeC:\malware.exe.config
24/6/2020 - 20:46:53.403Open2948C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.403Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.403Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.403Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:53.403Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.403Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.403Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.418Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:53.418Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
24/6/2020 - 20:46:53.418Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.418Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.418Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\winhttp.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\webio.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\webio.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\webio.dll
24/6/2020 - 20:46:53.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\credssp.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\credssp.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\credssp.dll
24/6/2020 - 20:46:53.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.418Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\IPHLPAPI.DLL
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\WINNSI.DLL
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\dhcpcsvc6.DLL
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 20:46:53.418Unknown2948C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
24/6/2020 - 20:46:53.418Open2948C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
24/6/2020 - 20:46:53.418Unknown2948C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
24/6/2020 - 20:46:53.481Open2948C:\malware.exeC:\dhcpcsvc.DLL
24/6/2020 - 20:46:53.481Open2948C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 20:46:53.481Open2948C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
24/6/2020 - 20:46:53.575Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_32\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.622Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
24/6/2020 - 20:46:53.622Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.622Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
24/6/2020 - 20:46:53.622Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
24/6/2020 - 20:46:53.622Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dllsystem.resources.dll
24/6/2020 - 20:46:53.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:53.684Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.684Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:53.684Open2948C:\malware.exeC:\shfolder.dll
24/6/2020 - 20:46:53.684Open2948C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 20:46:53.731Open2948C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
24/6/2020 - 20:46:53.965Open2948C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 20:46:53.965Unknown2948C:\malware.exeC:\Users\Behemot\AppData\Local
24/6/2020 - 20:46:53.965Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.12Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:54.59Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:54.106Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:54.231Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
24/6/2020 - 20:46:54.231Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\liebao\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Torch\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
24/6/2020 - 20:46:54.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
24/6/2020 - 20:46:54.247Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.293Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.340Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.387Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.434Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.481Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.528Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.575Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:54.622Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
24/6/2020 - 20:46:54.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:54.668Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:54.715Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:54.762Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:54.809Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:54.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
24/6/2020 - 20:46:54.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\UCBrowser
24/6/2020 - 20:46:54.856Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
24/6/2020 - 20:46:54.856Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:54.903Open2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:54.950Open2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.231Open2948C:\malware.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 20:46:55.231Open2948C:\malware.exeC:\Windows\SysWOW64\mpr.dll
24/6/2020 - 20:46:55.231Open2948C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
24/6/2020 - 20:46:55.278Open2948C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
24/6/2020 - 20:46:55.653Open2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
24/6/2020 - 20:46:55.653Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:55.715Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
24/6/2020 - 20:46:55.715Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
24/6/2020 - 20:46:55.715Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.762Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.809Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.856Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.903Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.950Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:55.997Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.43Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.90Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.137Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.184Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.231Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
24/6/2020 - 20:46:56.278Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
24/6/2020 - 20:46:56.278Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
24/6/2020 - 20:46:56.278Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
24/6/2020 - 20:46:56.278Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
24/6/2020 - 20:46:56.278Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
24/6/2020 - 20:46:56.278Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
24/6/2020 - 20:46:56.278Open2948C:\malware.exeC:\Program Files (x86)
24/6/2020 - 20:46:56.278Unknown2948C:\malware.exeC:\Program Files (x86)
24/6/2020 - 20:46:56.278Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:56.325Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:46:56.372Open2948C:\malware.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
24/6/2020 - 20:46:56.372Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.418Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
24/6/2020 - 20:46:56.418Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
24/6/2020 - 20:46:56.418Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
24/6/2020 - 20:46:56.418Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
24/6/2020 - 20:46:56.418Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
24/6/2020 - 20:46:56.418Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
24/6/2020 - 20:46:56.418Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
24/6/2020 - 20:46:56.434Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
24/6/2020 - 20:46:56.528Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\malware.exe.Local
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:56.575Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:56.575Unknown2948C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
24/6/2020 - 20:46:56.575Open2948C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script
24/6/2020 - 20:46:56.590Open2948C:\malware.exeC:\cftp\Ftplist.txt
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
24/6/2020 - 20:46:56.590Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:56.590Open2948C:\malware.exeC:\vaultcli.dll
24/6/2020 - 20:46:56.590Open2948C:\malware.exeC:\vaultcli.dll
24/6/2020 - 20:46:56.590Open2948C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
24/6/2020 - 20:46:56.590Open2948C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
24/6/2020 - 20:46:57.153Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:57.153Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:57.153Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
24/6/2020 - 20:46:57.153Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\Storage
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\mail
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
24/6/2020 - 20:46:57.168Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
24/6/2020 - 20:46:57.184Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 20:46:57.184Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Read2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 20:46:57.184Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Open2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.184Unknown2948C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
24/6/2020 - 20:46:57.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
24/6/2020 - 20:46:57.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
24/6/2020 - 20:46:57.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
24/6/2020 - 20:46:57.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
24/6/2020 - 20:46:57.247Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
24/6/2020 - 20:46:57.247Open2948C:\malware.exeC:\Monitor\Folder.lst
24/6/2020 - 20:46:57.247Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\FTP Navigator\Ftplist.txt
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
24/6/2020 - 20:46:57.293Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
24/6/2020 - 20:46:57.309Open2948C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
24/6/2020 - 20:47:3.481Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.528Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.575Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.622Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.668Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.715Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.762Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.809Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.903Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.950Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:3.997Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:4.43Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
24/6/2020 - 20:47:4.90Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:4.137Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:4.184Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
24/6/2020 - 20:47:4.231Read2948C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll

Process
Trace
24/6/2020 - 20:46:0.747Create1480C:\malware.exe1928C:\malware.exe
24/6/2020 - 20:46:0.793Create1480C:\malware.exe2948C:\malware.exe
24/6/2020 - 20:46:1.75Terminate1480C:\malware.exe1928C:\malware.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
24/6/2020 - 20:46:32.43Write2948C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runnewapp
24/6/2020 - 20:46:52.700Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32EnableFileTracing
24/6/2020 - 20:46:52.700Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32EnableConsoleTracing
24/6/2020 - 20:46:52.700Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32FileTracingMask
24/6/2020 - 20:46:52.700Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32ConsoleTracingMask
24/6/2020 - 20:46:52.700Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32MaxFileSize
24/6/2020 - 20:46:52.700Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32FileDirectory
24/6/2020 - 20:46:53.403Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSEnableFileTracing
24/6/2020 - 20:46:53.403Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSEnableConsoleTracing
24/6/2020 - 20:46:53.403Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSFileTracingMask
24/6/2020 - 20:46:53.403Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSConsoleTracingMask
24/6/2020 - 20:46:53.403Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSMaxFileSize
24/6/2020 - 20:46:53.403Write2948C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCSFileDirectory

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False cancel

TCP
False cancel

UDP
False cancel

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 70.12%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 52.84%
suspicious: True check_circle

Random Forest (100 estimators, NFS-BRMalware)
confidence: 60.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 76.76%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: True check_circle

Add to Collection
Download