Report #10859

  • Creation Date: July 10, 2020, 6:28 p.m.
  • Last Update: July 10, 2020, 6:33 p.m.
  • File: Purchase Order.exe
  • Results:
Binary
DLL
False
Size
513.50KB
trid
62.0% Generic CIL Executable
23.4% Win64 Executable
5.5% Win32 Dynamic Link Library
3.8% Win32 Executable
1.7% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
13dfffe47a465be7260a0de553bfe131
sha1
22fa8333a1679cd5ea2a8b87bdfbbe7fd19c00c6
crc32
0xc7820753
sha224
2ae87f944913486eabf6b12bc21513efe8e78c62946c7e2eea01f091
sha256
bc1fe9a18fa14134b8a864f83aafe096bdb62d4355024b906ea78dbe2fa3b0fb
sha384
94a431f9a38b289ad00989f8c032f0eb90c41e4407fd459483269e55f8169282279f1d1b409c0cfa55fc3d666d696418
sha512
5f443fe957933c8a2f05e717c1ab08a8186dd3638cdb444c8aadb0c7796cd498236f7d558dec952e7da70af521e80fe14752c22ecce9dc1b7cea84a23ad79127
ssdeep
12288:xPfyChHczA6GekVeoVJp0ZT6fzxEEO4fWqi:x1c/kcoVJp4T6d5O4fli
Community
Google
False
HashLib
False
YARA
Matches
domain, Big_Numbers3, NETDLLMicrosoft, contentis_base64, NETexecutableMicrosoft, IsNET_EXE, IsPacked, IP, IsPE32, IsWindowsGUI

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 513 KB, 326.png, 347 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed: 1.0.0.1, 1, one.one.one.one.
Suspicious
hasAllowed: True
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: AndroidCar.dll, user32.dll, mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2560
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 530570
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: user32.dll, mscoree.dll
hasLibs: True
Suspicious: androidcar.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2020-06-25 03:15:07
Future: False

Compilation
Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches
127821
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 195

pushpopmath
.text: 190

ss register
.text: 5

garbagebytes
.text: 88

hookdetection
.text: 10

software breakpoint
.text: 2

fakeconditionaljumps
.text: 10

programcontrolflowchange
.text: 78

cpuinstructionsresultscomparison
.text: 31

AVclass
agenttesla
1
VirusTotal
md5
13dfffe47a465be7260a0de553bfe131
sha1
22fa8333a1679cd5ea2a8b87bdfbbe7fd19c00c6
SCANS (DETECTION RATE = 63.01%)
AVG
result: Win32:MalwareX-gen [Trj]
update: 20200630
version: 18.4.3895.0
detected: True

CMC
update: 20200630
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=86)
update: 20200630
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200628
version: 6.42
detected: True

Bkav
update: 20200630
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 005697c31 )
update: 20200630
version: 11.119.34552
detected: True

ALYac
result: Trojan.GenericKD.43388403
update: 20200630
version: 1.1.1.5
detected: True

Avast
result: Win32:MalwareX-gen [Trj]
update: 20200630
version: 18.4.3895.0
detected: True

Avira
update: 20200630
version: 8.3.3.8
detected: False

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
update: 20200628
version: 4.0.0.24
detected: False

Cyren
result: W32/MSIL_Kryptik.AYU.gen!Eldorado
update: 20200630
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.InjectNET.14
update: 20200630
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKD.43388403
update: 20200630
version: A:25.26084B:27.19282
detected: True

Panda
result: Trj/GdSda.A
update: 20200630
version: 4.6.4.2
detected: True

VBA32
update: 20200630
version: 4.4.1
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200630
version: 84860
detected: True

Zoner
update: 20200630
version: 0.0.0.0
detected: False

ClamAV
update: 20200630
version: 0.102.3.0
detected: False

Comodo
update: 20200630
version: 32585
detected: False

F-Prot
result: W32/MSIL_Kryptik.AYU.gen!Eldorado
update: 20200630
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.MSIL.Inject
update: 20200630
version: 0.1.5.2
detected: True

McAfee
result: Fareit-FUV!13DFFFE47A46
update: 20200630
version: 6.0.6.653
detected: True

Rising
result: Trojan.Kryptik!8.8 (CLOUD)
update: 20200630
version: 25.0.0.26
detected: True

Sophos
result: Troj/MSIL-PEA
update: 20200630
version: 4.98.0
detected: True

Yandex
result: Trojan.AvsArher.bSIdr7
update: 20200630
version: 5.5.2.24
detected: True

Zillya
update: 20200630
version: 2.0.0.4120
detected: False

Acronis
update: 20200603
version: 1.1.1.76
detected: False

Alibaba
result: TrojanPSW:MSIL/AgentTesla.72b27e3c
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D2960DF3
update: 20200630
version: 1.0.0.877
detected: True

Cylance
update: 20200630
version: 2.3.1.101
detected: False

Endgame
result: malicious (high confidence)
update: 20200608
version: 4.0.5
detected: True

FireEye
result: Generic.mg.13dfffe47a465be7
update: 20200630
version: 32.31.0.0
detected: True

Sangfor
update: 20200423
version: 1.0
detected: False

TACHYON
update: 20200630
version: 2020-06-30.02
detected: False

Tencent
update: 20200630
version: 1.0.0.1
detected: False

ViRobot
update: 20200630
version: 2014.3.20.0
detected: False

Webroot
result: W32.Trojan.Gen
update: 20200630
version: 1.0.0.403
detected: True

eGambit
result: Unsafe.AI_Score_99%
update: 20200630
detected: True

Ad-Aware
result: Trojan.GenericKD.43388403
update: 20200630
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.MSIL.Agensla.i!c
update: 20200630
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.43388403 (B)
update: 20200630
version: 2018.12.0.1641
detected: True

F-Secure
update: 20200630
version: 12.0.86.52
detected: False

Fortinet
result: Malicious_Behavior.SB
update: 20200630
version: 6.2.142.0
detected: True

Invincea
update: 20200502
version: 6.3.6.26157
detected: False

Jiangmin
result: Trojan.PSW.MSIL.ahyh
update: 20200630
version: 16.0.100
detected: True

Kingsoft
update: 20200630
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200630
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20200630
version: 1.11.0.0
detected: True

Trapmine
result: suspicious.low.ml.score
update: 20200619
version: 3.5.0.987
detected: True

AhnLab-V3
result: Trojan/Win32.Infostealer.R341647
update: 20200630
version: 3.18.0.10009
detected: True

Antiy-AVL
update: 20200630
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200630
version: 15.0.1.13
detected: True

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200622
version: 1.0.0.1
detected: True

Microsoft
result: Trojan:MSIL/AgentTesla.SD!MTB
update: 20200630
version: 1.1.17200.2
detected: True

Qihoo-360
result: Generic/Trojan.PSW.374
update: 20200630
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200630
version: 1.0
detected: True

Cybereason
update: 20190616
version: 1.2.449
detected: False

ESET-NOD32
result: a variant of MSIL/Kryptik.WNO
update: 20200630
version: 21579
detected: True

TrendMicro
result: TROJ_FRS.VSNTFP20
update: 20200630
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.43388403
update: 20200630
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_70% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 005697c31 )
update: 20200630
version: 11.119.34552
detected: True

SentinelOne
result: DFI - Suspicious PE
update: 20200601
version: 4.3.0.105
detected: True

Avast-Mobile
update: 20200630
version: 200630-00
detected: False

Malwarebytes
result: Spyware.Agent
update: 20200630
version: 3.6.4.335
detected: True

TotalDefense
update: 20200630
version: 37.1.62.1
detected: False

CAT-QuickHeal
update: 20200630
version: 14.00
detected: False

NANO-Antivirus
update: 20200630
version: 1.0.134.25119
detected: False

BitDefenderTheta
update: 20200624
version: 7.2.37796.0
detected: False

MicroWorld-eScan
result: Trojan.GenericKD.43388403
update: 20200630
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200624
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: TROJ_FRS.VSNTFP20
update: 20200630
version: 10.0.0.1040
detected: True

total
73
sha256
bc1fe9a18fa14134b8a864f83aafe096bdb62d4355024b906ea78dbe2fa3b0fb
scan_id
bc1fe9a18fa14134b8a864f83aafe096bdb62d4355024b906ea78dbe2fa3b0fb-1593552354
resource
13dfffe47a465be7260a0de553bfe131
positives
46
scan_date
2020-06-30 21:25:54
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
10/7/2020 - 17:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.200Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:45:46.340Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.340Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:45:46.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.809Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:45:46.950Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:46.950Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:45:46.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:46.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:48.793Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:48.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.450Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:49.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:49.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.825Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:45:49.918Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:45:49.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:49.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
10/7/2020 - 17:45:52.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
10/7/2020 - 17:45:52.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:52.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:52.309Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:52.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:30.653Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:46:30.653Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:46:30.700Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:46:30.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:30.700Open1480C:\malware.exeC:\WindowsCodecs.dll
10/7/2020 - 17:46:30.700Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:46:30.700Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 17:46:30.700Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:46:30.700Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 17:46:30.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:30.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:30.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:30.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:31.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:32.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:32.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:32.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.497Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.dll
10/7/2020 - 17:46:32.497Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
10/7/2020 - 17:46:32.497Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources.exe
10/7/2020 - 17:46:32.497Open1480C:\malware.exeC:\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
10/7/2020 - 17:46:32.497Open1480C:\malware.exeC:\pt\ReZer0V2.resources.dll
10/7/2020 - 17:46:32.497Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.dll
10/7/2020 - 17:46:32.497Open1480C:\malware.exeC:\pt\ReZer0V2.resources.exe
10/7/2020 - 17:46:32.497Open1480C:\malware.exeC:\pt\ReZer0V2.resources\ReZer0V2.resources.exe
10/7/2020 - 17:46:32.497Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:32.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:32.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:32.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:32.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:32.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:32.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:32.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:33.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:33.75Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 17:46:33.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:33.168Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:33.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:33.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:33.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:46:33.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:46:33.356Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.403Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.497Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.543Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.590Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:33.590Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:46:33.590Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:46:33.590Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:46:33.590Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.590Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 17:46:33.590Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.590Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.590Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:46:33.684Open1480C:\malware.exeC:\shfolder.dll
10/7/2020 - 17:46:33.731Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 17:46:33.731Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 17:46:33.965Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exe
10/7/2020 - 17:46:33.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.481Open1480C:\malware.exeC:\ntmarta.dll
10/7/2020 - 17:46:34.481Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
10/7/2020 - 17:46:34.481Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
10/7/2020 - 17:46:34.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exe
10/7/2020 - 17:46:34.481Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exe
10/7/2020 - 17:46:34.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.622Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:34.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.715Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:34.715Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:34.715Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:34.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exe
10/7/2020 - 17:46:34.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exe
10/7/2020 - 17:46:34.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:34.715Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:34.715Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:34.715Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.825Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exe
10/7/2020 - 17:46:34.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.825Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:34.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:34.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:35.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:35.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:35.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exe
10/7/2020 - 17:46:35.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:46:35.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:46:35.200Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\miUhjfyLCB.exemiUhjfyLCB.exe
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.231Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:46:35.231Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:46:35.231Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpCDAD.tmp
10/7/2020 - 17:46:35.231Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpCDAD.tmp
10/7/2020 - 17:46:35.231Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpCDAD.tmp
10/7/2020 - 17:46:35.231Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpCDAD.tmp
10/7/2020 - 17:46:35.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Monitor
10/7/2020 - 17:46:35.434Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\PROPSYS.dll
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:46:35.434Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
10/7/2020 - 17:46:35.434Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\apphelp.dll
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:46:35.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\
10/7/2020 - 17:46:35.450Unknown1480C:\malware.exeC:\
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows
10/7/2020 - 17:46:35.450Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:46:35.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:46:35.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.450Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.512Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.512Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.528Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.528Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.528Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.543Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.590Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.590Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.590Unknown1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 17:46:35.590Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 17:46:35.590Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 17:46:35.590Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 17:46:38.137Unknown2856C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:46:38.137Unknown2856C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:46:38.137Unknown2856C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:46:38.137Unknown2856C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:46:38.137Unknown2856C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:46:38.137Unknown2856C:\malware.exe\Device\HarddiskVolume2
10/7/2020 - 17:46:38.137Open2856C:\malware.exeC:\Windows
10/7/2020 - 17:46:38.137Open2856C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:46:38.137Open2856C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:46:38.137Open2856C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:46:38.153Open2856C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:46:38.153Open2856C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:46:38.153Open2856C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:46:38.153Open2856C:\malware.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 17:46:38.153Open2856C:\malware.exeC:\Windows
10/7/2020 - 17:46:38.153Unknown2856C:\malware.exeC:\Windows
10/7/2020 - 17:46:38.153Open2856C:\malware.exeC:\Monitor
10/7/2020 - 17:46:38.153Open2856C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:46:38.153Open2856C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:46:38.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:46:38.231Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\malware.exe.config
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.231Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.231Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:46:38.231Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:46:38.231Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:46:38.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:46:38.231Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.247Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:38.247Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:38.247Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:38.247Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\
10/7/2020 - 17:46:38.247Unknown2856C:\malware.exeC:\
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows
10/7/2020 - 17:46:38.247Unknown2856C:\malware.exeC:\Windows
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.247Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:46:38.247Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.247Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.247Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.247Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.247Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\malware.exe.config
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
10/7/2020 - 17:46:38.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
10/7/2020 - 17:46:38.247Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
10/7/2020 - 17:46:38.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1116296
10/7/2020 - 17:46:38.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1116296
10/7/2020 - 17:46:38.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1116359
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Monitor
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\Monitor
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.262Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:46:38.262Open2856C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:46:38.262Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:46:38.262Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:38.278Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:38.278Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 17:46:38.278Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 17:46:38.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:46:38.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:46:38.340Unknown2856C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\malware.config
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.340Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:46:38.340Unknown2856C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.340Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.340Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.340Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:38.340Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.372Open2856C:\malware.exeC:\Windows\assembly\pubpol4.dat
10/7/2020 - 17:46:38.372Open2856C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
10/7/2020 - 17:46:38.372Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:46:38.372Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.372Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:46:38.372Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.372Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.372Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.372Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.372Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.372Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.372Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:46:38.372Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.372Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:46:38.434Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.434Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:46:38.434Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.434Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:46:38.434Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.434Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.434Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.434Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.434Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.434Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:38.434Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:38.434Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:38.434Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:38.434Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:38.434Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:38.434Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.481Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.528Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.575Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.622Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.668Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:46:38.715Unknown2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:46:38.715Unknown2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:46:38.715Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:46:38.715Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.715Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.715Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.715Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.715Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.715Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.715Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\bcrypt.dll
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
10/7/2020 - 17:46:38.715Open2856C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
10/7/2020 - 17:46:38.778Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.825Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.887Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.934Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.981Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.28Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.75Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.122Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.168Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.215Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.262Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.309Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.356Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.403Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.450Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.497Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.543Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:39.590Open2856C:\malware.exeC:\dwmapi.dll
10/7/2020 - 17:46:39.590Open2856C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
10/7/2020 - 17:46:39.590Open2856C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
10/7/2020 - 17:46:39.590Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:39.637Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:39.684Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:39.731Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:39.778Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:39.825Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:39.872Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:39.918Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:39.965Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:39.965Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\VERSION.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:46:39.965Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:40.12Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:40.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:40.106Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:40.153Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:51.450Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:51.497Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:51.543Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:51.590Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:51.637Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:51.731Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
10/7/2020 - 17:46:51.731Open2856C:\malware.exeC:\CRYPTSP.dll
10/7/2020 - 17:46:51.731Open2856C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:46:51.731Open2856C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:46:51.731Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.731Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.747Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.747Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.747Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.747Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.747Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.747Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.747Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.747Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.762Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.762Open2856C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:46:51.762Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:51.903Open2856C:\malware.exeC:\RpcRtRemote.dll
10/7/2020 - 17:46:51.903Open2856C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 17:46:51.903Unknown2856C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 17:46:51.903Open2856C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 17:46:51.903Unknown2856C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 17:46:51.950Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
10/7/2020 - 17:46:51.950Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
10/7/2020 - 17:46:51.950Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
10/7/2020 - 17:46:51.950Open2856C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
10/7/2020 - 17:46:51.950Open2856C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
10/7/2020 - 17:46:51.965Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
10/7/2020 - 17:46:51.965Unknown2856C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
10/7/2020 - 17:46:51.965Open2856C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:46:51.965Open2856C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:46:51.981Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
10/7/2020 - 17:46:51.981Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
10/7/2020 - 17:46:51.981Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
10/7/2020 - 17:46:51.981Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
10/7/2020 - 17:46:52.497Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
10/7/2020 - 17:46:52.497Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
10/7/2020 - 17:46:52.965Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
10/7/2020 - 17:46:52.965Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
10/7/2020 - 17:46:52.981Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
10/7/2020 - 17:46:52.981Open2856C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
10/7/2020 - 17:46:52.981Open2856C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:53.418Open2856C:\malware.exeC:\SXS.DLL
10/7/2020 - 17:46:53.418Open2856C:\malware.exeC:\Windows\SysWOW64\sxs.dll
10/7/2020 - 17:46:53.418Open2856C:\malware.exeC:\Windows\SysWOW64\sxs.dll
10/7/2020 - 17:46:53.418Open2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.418Open2856C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
10/7/2020 - 17:46:53.543Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.590Read2856C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/7/2020 - 17:46:53.637Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
10/7/2020 - 17:46:54.122Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:54.122Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:54.122Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:46:54.122Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.122Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:46:54.122Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.122Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.122Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.122Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.122Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.122Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.122Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.122Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:54.122Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:54.122Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.137Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:46:54.137Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:46:54.137Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.137Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:46:54.137Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.137Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.137Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:46:54.137Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.153Open2856C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:46:54.153Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:54.153Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:54.153Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:54.153Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/7/2020 - 17:46:54.153Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.153Read2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.153Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
10/7/2020 - 17:46:54.153Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:54.153Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:54.168Open2856C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
10/7/2020 - 17:46:55.184Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/7/2020 - 17:46:55.184Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/7/2020 - 17:46:55.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.184Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:55.200Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.247Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.247Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.247Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:55.247Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:55.293Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.293Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.340Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.387Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.434Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:55.481Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 17:46:55.528Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:46:55.528Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 17:46:55.528Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:46:55.575Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:46:55.622Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:46:55.668Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:46:55.715Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/7/2020 - 17:46:55.715Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:46:55.715Open2856C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:46:55.715Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:55.715Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:55.715Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:55.715Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
10/7/2020 - 17:46:55.731Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
10/7/2020 - 17:46:55.918Read2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:46:56.247Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
10/7/2020 - 17:47:4.418Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:4.418Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:4.418Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:7.512Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:7.559Read2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:14.856Open2856C:\malware.exeC:\%insfolder%\%insname%
10/7/2020 - 17:47:26.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:26.247Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:26.293Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:26.340Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:26.387Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:26.434Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:26.481Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:26.528Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:26.575Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:26.637Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:26.684Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:26.793Open2856C:\malware.exeC:\shfolder.dll
10/7/2020 - 17:47:26.793Open2856C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 17:47:26.793Open2856C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 17:47:26.793Open2856C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:26.793Unknown2856C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:26.793Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:26.856Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:26.903Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:27.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Vivaldi\User Data
10/7/2020 - 17:47:27.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Amigo\User Data
10/7/2020 - 17:47:27.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\liebao\User Data
10/7/2020 - 17:47:27.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Iridium\User Data
10/7/2020 - 17:47:27.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Chedot\User Data
10/7/2020 - 17:47:27.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Torch\User Data
10/7/2020 - 17:47:27.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
10/7/2020 - 17:47:27.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\CatalinaGroup\Citrio\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Kometa\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\360Chrome\Chrome\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Elements Browser\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Chromium\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Sputnik\Sputnik\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\uCozMedia\Uran\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\CentBrowser\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\QIP Surf\User Data
10/7/2020 - 17:47:27.75Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable
10/7/2020 - 17:47:27.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data
10/7/2020 - 17:47:27.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data
10/7/2020 - 17:47:27.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Orbitum\User Data
10/7/2020 - 17:47:27.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Coowon\Coowon\User Data
10/7/2020 - 17:47:27.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Epic Privacy Browser\User Data
10/7/2020 - 17:47:27.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\BraveSoftware\Brave-Browser\User Data
10/7/2020 - 17:47:27.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\7Star\7Star\User Data
10/7/2020 - 17:47:27.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\CocCoc\Browser\User Data
10/7/2020 - 17:47:27.122Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:27.168Open2856C:\malware.exeC:\Monitor\Folder.lst
10/7/2020 - 17:47:27.168Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.215Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.262Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.309Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.356Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.403Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.450Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.497Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.543Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.590Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.637Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.684Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:27.731Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 17:47:27.731Open2856C:\malware.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 17:47:27.731Open2856C:\malware.exeC:\malware.config
10/7/2020 - 17:47:27.731Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 17:47:27.825Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:27.872Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 17:47:27.872Open2856C:\malware.exeC:\FTP Navigator\Ftplist.txt
10/7/2020 - 17:47:27.872Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 17:47:27.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
10/7/2020 - 17:47:27.950Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
10/7/2020 - 17:47:27.950Open2856C:\malware.exeC:\Storage
10/7/2020 - 17:47:27.950Open2856C:\malware.exeC:\mail
10/7/2020 - 17:47:27.950Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
10/7/2020 - 17:47:27.950Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
10/7/2020 - 17:47:27.965Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
10/7/2020 - 17:47:27.965Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:28.12Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 17:47:28.12Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 17:47:28.12Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
10/7/2020 - 17:47:28.12Open2856C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 17:47:28.12Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 17:47:28.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 17:47:28.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 17:47:28.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 17:47:28.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 17:47:28.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 17:47:28.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 17:47:28.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
10/7/2020 - 17:47:28.340Open2856C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:47:28.387Open2856C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:47:28.668Open2856C:\malware.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 17:47:28.668Open2856C:\malware.exeC:\Windows\SysWOW64\mpr.dll
10/7/2020 - 17:47:28.668Open2856C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
10/7/2020 - 17:47:28.668Open2856C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
10/7/2020 - 17:47:29.43Open2856C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:47:29.43Read2856C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
10/7/2020 - 17:47:29.43Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:29.43Read2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:29.43Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:29.43Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:47:29.43Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:29.59Open2856C:\malware.exeC:\cftp\Ftplist.txt
10/7/2020 - 17:47:29.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
10/7/2020 - 17:47:29.59Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 17:47:30.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
10/7/2020 - 17:47:30.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
10/7/2020 - 17:47:30.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
10/7/2020 - 17:47:30.887Open2856C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
10/7/2020 - 17:47:30.887Open2856C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
10/7/2020 - 17:47:30.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
10/7/2020 - 17:47:30.887Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
10/7/2020 - 17:47:30.887Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 17:47:30.934Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
10/7/2020 - 17:47:30.934Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
10/7/2020 - 17:47:31.28Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:31.75Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:31.75Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:31.75Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:31.122Open2856C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:47:31.122Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:31.122Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:31.122Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:31.122Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:31.122Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:47:31.122Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:47:31.168Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
10/7/2020 - 17:47:31.168Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\UCBrowser
10/7/2020 - 17:47:31.168Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 17:47:31.168Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 17:47:31.168Open2856C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script
10/7/2020 - 17:47:31.168Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 17:47:31.215Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
10/7/2020 - 17:47:31.215Open2856C:\malware.exeC:\Program Files (x86)
10/7/2020 - 17:47:31.215Unknown2856C:\malware.exeC:\Program Files (x86)
10/7/2020 - 17:47:31.215Open2856C:\malware.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
10/7/2020 - 17:47:31.215Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:31.731Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
10/7/2020 - 17:47:31.731Open2856C:\malware.exeC:\vaultcli.dll
10/7/2020 - 17:47:31.731Open2856C:\malware.exeC:\vaultcli.dll
10/7/2020 - 17:47:31.731Open2856C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
10/7/2020 - 17:47:31.731Open2856C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
10/7/2020 - 17:47:32.668Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:32.668Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:32.668Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:32.668Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 17:47:32.668Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 17:47:32.668Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 17:47:32.684Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 17:47:37.731Open2856C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 17:47:37.731Open2856C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 17:47:37.731Open2856C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 17:47:37.731Open2856C:\malware.exeC:\Windows\SysWOW64\tzres.dll

Process
Trace
10/7/2020 - 17:46:35.809 | Create | 1480 | C:\malware.exe | 1228 | C:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 17:46:37.872 | Terminate | 1480 | C:\malware.exe | 1228 | C:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 17:46:38.28 | Create | 1480 | C:\malware.exe | 2856 | C:\malware.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
10/7/2020 - 17:46:35.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
10/7/2020 - 17:46:35.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
10/7/2020 - 17:46:35.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
10/7/2020 - 17:46:35.747 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
10/7/2020 - 17:46:35.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
10/7/2020 - 17:46:35.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
10/7/2020 - 17:46:35.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
10/7/2020 - 17:46:35.762 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 69.94%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 90.62%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 48.45%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 85.11%
suspicious: True
