Report #10860 check_circle

Binary
DLL
False cancel
Size
531.00KB
trid
81.0% Generic CIL Executable
7.2% Win32 Dynamic Link Library
4.9% Win32 Executable
2.2% OS/2 Executable
2.2% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
2b8ffa3d1e175136dbecbc64b2562294
sha1
1f9f9a709fc9565ffea8b3f3a655a607aff03d28
crc32
0x19cf78
sha224
7ebb81b2b337844b80fca26acaaa558f9fe5772c49563ef165617647
sha256
74c74bc92e1e2b1fbec04160533ddc46adfd8e2f691295ad4a08cbd83e01adc7
sha384
e2b57d20e40d8280ac2ccf72e342a2885ed3abb283028c32b19d7d610d789cd3173a17066e5af4ced35585668e589735
sha512
be86d9ffca14908d42a7782664eb6eabc669c2b25ec6dd3ad332b934c860a7513773e6e85de1e084d3965ac839959b546a77dbf81e3526dc698e94386bc74802
ssdeep
12288:pLkCFU6qjzgHlipNpBdkoZvbc7uGkJVFMyskTN/SEL6OJRlDWdbhDxXkYbzS9TVw:pLkCFU6qjzgHl6NpBdkoZvbc7uGkJVF2
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, url, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True check_circle

Strings
List
http://tempuri.org/phoneDataSet2.xsd
http://tempuri.org/phoneDataSet.xsd
http://tempuri.org/phoneDataSet1.xsd
Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\N\documents\visual studio 2010\Projects\MobileShopManagementSystem\MobileShopManagementSystem\phone.mdf;Integrated Security=True;User Instance=True
Data Source=.\SQLEXPRESS;AttachDbFilename=F:\Sem.4\C# Projects\MobileShopManagementSystem\MobileShopManagementSystem\phone.mdf;Integrated Security=True;User Instance=True
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
T.Ae
http://www.w3.org/2001/XMLSchema
Brought to You By: code-projects.org
System.ComponentModel.Design
M.CY
vs.data.TableAdapter
MobileShopManagementSystem.Properties
Microsoft.VSDesigner.DataSource.Design.TableAdapterDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerDesigner, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Microsoft.VSDesigner.DataSource.Design.TableAdapterManagerPropertyEditor, Microsoft.VSDesigner, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"System.Drawing.Design.UITypeEditor
oData Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\phone.mdf;Integrated Security=True;User Instance=True
get_DeleteCommand
vs.data.DataSet
vs.data.TableAdapterManager
11.2.5.0
16.0.0.0
11.5.1.0
16.0.0.0
11.5.1.0
16.0.0.0
11.5.1.0
dsEAa.exe
dsEAa.exe
dsEAa.exe
Username
OnRowDeleted
OnRowDeleting
$#%#&#'#0/1/43538797
}=4_
MobileShopManagementSystem.Properties.Resources.resources
E1a8m
(System.Data.Design.TypedDataSetGenerator
add_PhonesRowDeleted
's Id is
get_SpringGreen
remove_PhonesRowDeleted
DeletePhoneRecord_Load
remove_CustomerRowDeleted
8%oEtX
MobileShopManagementSystem.Properties.Resources
3System.Resources.Tools.StronglyTypedResourceBuilder
oebw~%g
CustomerRowDeleted
PhonesRowDeleted
Count
Rear Camera
Delete Phone Record
Delete
Next
fDwhuV
DeletePhoneRecord
Delegate
DeletePhoneRecord
builder
MulticastDelegate
System.Windows.Forms
Adobe Photoshop CS5 Windows
All TableAdapters managed by a TableAdapterManager must use the same connection string.
E=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQAAAAwAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAgLAADAuAAMA4CAxAAAA4GAvBQaAMHAyBQZAYFAgAQeAwGAiBQbAUGAzBwcAEEABAACAgDAAAAMA4CAwAgLAADAuAQMAAAAuBwbAkGAzBgcAUGAWBAdAMGA1BAZA8GAyBAUAEAAIAANAAAAvBQaAQGA1BAdAMFAkBQaA8GAyBAZA4GABBAAAAAAlBQbAEGAOBAdAMGA1BAZA8GAyBAUAEAAOAAPAAAAsBAbAQGAuAwbAkGAkBQdAQHATBAZAkGAvBgcAQGAuBQQAAAAlBQbAEGAuBQZAwGApBgRAwGAhBgbAkGAnBQaAIHAPBQAAIBAMBAAAAAAAAAAAMHArBgcAEGAtBQZAQGAhBgcAQFAsBQYAcGAlBATAEAABAgKAAAAwAgMAADAyAAIAACApCAIAQHAoBwZAkGAyBQeAAHAvBwQAAAA0BAaAcGApBgcAkHAwBwbAMEAsBQYAcGAlBATAEAASAASAAAAsBAbAQGAuAwbAkGAkBQdAQHATBAZAkGAvBgcAQGAuBQQAAAAlBQbAEGAOBAbAEGAuBgcAUGA0BgbAkEABAgEAQEAAAAMA4CAwAgLAADAuAQMAAAAAAgbA8GApBwcAIHAlBgVAUGAsBQaAYEABAACAADAAAwbAkGAkBQdAQHATBAZAkGAvBgcAQGAuBQQAAAAAAgbA8GApBAdAAHApBgcAMGAzBQZAQEAlBAbAkGAGBQAA4AAEBAAAAAAAAAAAUGAtBQYA4EA5BgbAEGAwBQbA8GADBQAAEAAiAAAAAAAAAwcAQHAuBQZA0GAtBwbAMEABAQAAoBAAAAMAIGA0AAMAADAwAAMAADABAAACgHAAAwbAYGAuBQSAUGAsBQaAYEAnBgbAkGAyBAdAMFABAAACwJBwCAAAAAAAAgbA8GApBAdAEGAsBwcA4GAhBgcAQFAAAABAQCAAAAAA8GAmBgbAkEAlBAbAkGAGBgcAEGAWBQAAAAAEBAAAAAAAAAAAAAAAAAAAIAAAAABAAAAAAAAA8DAAAAAAEAAAAAAAAAABAAAAEAAA4/7E0LAAAAAA8EAGBgTAkEAfBgTA8EAJBwUAIFAFBgVA8FATBgVAAAA0MAPAAAAAAAAAAAAAMAPAAAQYBAAAgEAAAAAAEAAAAAAAAAAAAAAAAAAAAIAAADAAAQAAEAAAAAAAAAAAAAAAAAAAAIAAgBAAAAEAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAgAQJ/DAAAAAAsxGZuUWZy92Yz1GAulWYNxGbEJ3bD9FAAAAAAAAAA8C8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAwL+DAAAAAAAAAAAAwLoDQBFMACD0BCGcQCO4QAAQQAAACBO4QAAQACDEAIEMQHBEAIFAAAAAjLw4CMuEzBAEADAAgNjRmZ4IWMxEWMhZWLlNzMi1yNzEDNtQTM3EWLzMmYhRDNmNDJAEQKAAAMyAjMgASqCDCdodWaylHcvNkEAEwFAAAAAEQBAAwbpRWd0NFZp9mck5WQNAQASAAAAAQAHAQAIEwc39mcoRlbvlGdwV2Y4Vkbv5EchJ3VWIAVAEAAB4BAAAAAAgAABggDO4QADAgBO4QSSIAAGkkEF0RAAYgDF0RBdIAAHUQHF0RAAYgDGIgOKUdE/91PwiQigTTGWxle3iAHdwBHCAiBJCoEAASBF0RgAKRAAcACBEAAEUQHBcABOwRAgQQgAKhDBIAIHEIgSAAAF4gDOIAAFkkEVJhAHYAAT0BAgUAATEQfSUBCBIAIKUAAgMQUREVECIAAHgACIgQURQAAIgACRFhAgYQBB0kEVUQBdIgACEVEIgACIUQANJRFKcgEFEgCDgAAe0BEBIQAQkACAAyAOUQHBASBtJBAAQQBdIgAIgQBdgQBdgwBNUWEdJRACAyBIUQHIIAAGgACF0BCDAyBF0RABASBF0RBdUkEIUQHBJhBH0gABEAIE4QABACBRERABASBBAAIDgQABACBAkoSGE5WqcdhJRvEYCGA71IAAAQA88yO2pDc5EGO3dzY2MXNmRDYzoiMvFjYww2Lu4SftEHL0tCdqMTCHgSNngnJyVSdkkzI/JybhUHIz9xae8THUxBQbokGXlBBYY1FDZBRVoFFGNBTSsQEDBhWPolDP0QSM01CcpAXJQBCQdARGYVBYQAXDgkAeFAVAk2eBQhcTcmEgFhdQA3Dp5AdN0GDbtAJKgXCphAZHonB9VQdEE2A9JQYBQEA7sCAA8TOx8DAy9Gdj5CA/gTM/AgbyVGdulEAzJXYoN0X0V2ZAI3b0NmLA0WZ0NXeTBgchh2QA8zNx8DA/YTM/AwP1EzPA8DNx8DA/MTM/AwPyEzPA8TMx8DA/ATM/AwP58DA/gzPAI3b0NmLA8zN/AwP28DA/UzPA8DN/AwPz8DA/IzPA8TM/AwPw8DAilGby92Yz1GAvlGZ1R3Ukl2byRmbBBAdphXRAU2avZnbJBAdul2bQlnc05WRfRXZnBAZh9GTAAXZlx2UAQ3YlpmYPRXZHBQesJWblN3cBlnc05WR0V2RAQXYj52bDBQehJncB9GVAU2ZuFmU0JXZz5WSAI0X0V2ZAc0X0V2ZAI1X0V2ZAQnb192QfRXZnBQe0lGbhVXcl5WSfB3bAI2ZyFUbvJnRAwWZ4lGU0V2RAQHanlWZI9FdldGAoRHZpd1X0V2ZAUmepNXZSBAa0dmblx0X0V2ZAMXZ0lnQ0V2RAkUSDNVQfRXZnBQZz9GczlGRAIzM05WSvRFAkFWZSBgcvR3YuAAduVWbu9mcpZnbFBQZzFmQk9Ga0VWTAIzM05WSA8mZulEZvhGdl1EAn5WakFWZyhGVu0WZ0NXeTBAZhVmcoRFA5xmYtV2czFEAxAWZsJWYyVWb15WRJBQZnFWbJBQehJncBBwZulmc0NFA0hXZU5SblR3c5NFAn5Wak92YuVEAlxmYhN3bwNXaElEAlR2bN52bpN3clJHct92QAIXZ0JXZ252bDRXaCBQbhVmc0NFAlRXeCBwclNmc192clJlLtVGdzl3UAIXZnFmbh1UZjJXdvNXZSBgcvx2bDBwYpJXZuV2RuMnbvlGdjVGbs92Qu0WZ0NXeTBQMgR3cpxEAn5Wa3FmcE5SblR3c5NFAwFWb0lmQA42bpN3clJHct92Qu8USu0WZ0NXeTBQbhVmc0NFcpp1RA8USu0WZ0NXeTBQbhVmc0NVey9Wbl1EAtVGdzl3UAQ3YlpmYPBQZ0VnYpJHd0Fkbvl2cyVmVlxWaGlHbi1WZzNXQAUGd1JWayRHdBRWa1dEAzV2YpZnclNFcvJXZ05WSuUWbpRnb1JlLtVGdzl3UAUGd1JWayRHdBVGbil2cpZVbvNEAlRXdilmc0RXQrJXYtVGZhJHV5xmYtV2czFEAlRXdilmc0RXQ0h2ZpJXew92Q5xmYtV2czFEAlRXdilmc0RXQ0NWdk9mcQlHbi1WZzNXQAUGd1JWayRHdBlnbhBXbvNUesJWblN3cBBQZ0VnYpJHd0FkbvlGdhJXdnlmZu92Q5xmYtV2czFEAlRXdilmc0RXQu9Wa0BXayN2clRUesJWblN3cBBgbvlGdjVGbmVmUu0WZ0NXeTBQZ0VnYpJHd0FUZsRXaUlHbi1WZzNXQAMXZk9WTn5WandWdiVGRAM3YpR3cv52ZhlGRu0WZ0NXeTBQZ0VnYpJHd0FUZsJWYndWdiVGRAUGd1JWayRHdBlHdpxWailGdhBXbvNUZtlGduVnUAMXZjlmdyV2UyVGbpBXbvNkLl1Wa05WdS5SblR3c5NFAlRXdilmc0RXQz52bpRXY4FGblJlbvlGdhxWaw12bDBAbsRmLvlGZ1R3Ukl2byRmbBBAAAAAbA0CAAAAAC8BA+DAAAAAAAAAAAAAACAAAAAQAZDQ9AAAAAAAAAAAAAAgAAAAAAQgJAUPAAAAAAAAAAAAAAIAAAQAGAAAAAAAAAAAAAAAAAEAAAAIBAMYAhDg1AYLAwBQRAoRA6CwaA4SAQCwYA4SAyBwWA4SAyBwUA4SA4BwSA4SAfBwQA4SAyBwOA4SAyBwMA4SAyBwKA4SAfBwIA4SAWBwGA4SA3AwEA4SAuAwCA4SATTQoAEeAOTwlAEeAITQkAEOAGMwKAkHAbTwEBkCAuTADBECAoPQ/BEAAgPA+BEAAbPg8BkAARPA6AkKAJPwKAkKADPw1BEAA9OA0AEOAwOAyAwAAlOAvAwAAhOgtAEKAhOAsAEKAhOgqAEKAeNAoAwAAZOgkAEKAQOQiAEKAJOAgAEJAeNQdAEPAeNwaAEPAGMwKAwAAiNAZAkOAeNQWAEOAYNAUAkNATNgRAkNAGMgPAENA9MwKAkIA2MgNAEMAuMQMAkLAoMwKAEIAQMwKAEHAQMwKAkGAVMwKAEGAQMwKAkFAQMwKAEFAQMwKAkEAQMwKAEEAQMwKAkDAQMwKAEDAQMwKAkCAKMwKAkBAGMwKAEBABMwKAkABzCQAAAAB7BwAAAAB2BgAAAABxBQAAAABsBgAAAABnBQAAAABiBQAAAABdBgAAAABZBQAAAABVBQAAAAAKEA3EMLAWAAAAAwIkCgCBgNBtihhAAAAAMCkAoAAGQwTYYIAAAAAjQGAHEwJEsEAWCAAAAwIMAQBBACBHBglAAAAAICyAQQAZQwQAEJAAAAAhANACEQEE8DAWCAAAAQIMAQABoAB7AglAAAAAACUBcABACQAAcAACAQPAAABoCAAAEAABAQAA0DBzQwNAABABAQAAEAAAAAAE8CAAAAAEoIBFCgBBk9AfAgBA47AUAgBBk9AOAgBA47ADAgBCIvArDgBA4rAiDgBCUjAUDgBC8hAODgDBktAIDgBBktABDgBCUrAsCgBBktAgCgBCIgAQCgCBktADCgBB0uA8BgBBktA3BgBCYmAWBgBC8hAQBgDCUjAuAgBC8hAYAgDCIQA3DgCB0eAgDgBBkdASDgBA4bA1CgBBgYAnCgBBgYA0BgBA4bAZBgBA4bA+AgBA4bAlAgBA4bAMAgBA4LAtDgBA4LAQDgBA4LAnCgBAAAAYCwDAUIAxBgBAMDATBgBAMDATAgBAAAAAAQAAEAAAAAAAEAAAAwAAAAABAAAAEAAAAgBAAAANAAAA8CAAAgCAAAAIAAAAEAAAAwAAAAAmAAAAEAAAYBAzEg+AAAAIkACCUxVBAAACAAAAAAAAAgYvxmQjAAABwOAAkAxAAAAElUVHNCAAAAEAAQC0CwUVNCAAAArAAQCIAAAAAwcn5WayR3UjAAAEgLAAQAUAAgfjAAADQOAAAAbAUAAAAAA3IzNwUjLw4iM2BAAAwAAAAAAAEAABIkSTJ0///f54oAAA0ycH8///D8P////sjjKKAAAvgCAAAwC4kmjHgADYdBCdGNYEEhYeUQEIcQBTIdYIMmHJQwESHWWIYQCNoAAA4ybIIAAAAgN4wgFLEAAAYSjGogCAAQFvJQEAAgBAAAAgBACwMBAqoAAAwCKCAAAAAAAAAwBAEAMTAAAAoCAKAAAsgiAAAAAAgDBAAQA9ZAAAgAKwBAAtInAAAAAAAAAA0BAIAzAAAAAqAgCAAwKoYhJKAAAq8GFBAAAjwoFKAAAp8mCAAAKoYgCGAAABgiBAAgAoMgBAAwAoYAAAQAKEIAAAAAA4AgCAAwJoAAAAiOIAEBAAUAAAAQSAMAMTAAAA8///nPOqcAAAAgA4sQAAAgE0pAAAYybCYgCKAAAlMnCAAAJooAAAMCKGAAAIgCcAAQAyNAARAAAEAAAAUDACAzEA8///rLO////6iTCToAAAIybG8///7jO////8iDDWfBCA8////lO////JiTGKAAAd8mBGAw///fw58///3MO////jjjKJEBAAAQQ4AAAAQDOIEBCTEg/WIg/HgAAAAQN4cQEHMRA+bhA+nABRQwEWfBBRAAAAoAAAEybcqAAAACKFIBGlwpCAAwHoUgEXUCnKAAAegSBSYRJBAAAW0IAAAAZ4YQEGMhCAAAHooAAAsBKWYhFWUQEFMhCAAgGvRQEIIAAAAAAEiDBTYRDafhCAAQGvJAAAAAARiDDWsg2XoAAAgxbCogCAAwFzBQEAAwAAAAArDgBwMhK////Qjz///Px44oACIx///Ph68///bLO////yiTDW8///7bO////OjDAAAQK4cQEAAAArgzBTgAArAAABgSWXkGAAAgL4YQEGMRA+bhA+n1Fp5oAEEBBTg1FEEBANg1FJAAAAkEOAAAAChTBRUwEB4fWXoAAAUxbDkAnSHWkJYQYHEJBRIABRgAAAAAAhhDBTYRDWwQAAAgFNi1Fp5oALEGcfEZWXkmjCIgCKAAAU82AKAAATgCARAAACAAAAgLAFAzEAAAAAAAAAgBAAAwXAAAAXBAAAgAAAAgAAAAAAAAAAgBAAAwRAAAAdAAAAoCAAAgAAAANBBAAqUQEcDgCAAgEvZw///v95AAAAwAOAAAAFgjBcDgCAAgEvlw///v95AAAAwAOAAAAFgTCAAAAw0dBTQQEmoAAA8wbIYBBRkABTEAAAYRjIAQDKAAARMnFGwgCAAAEoYxBmoAAA8wbaYxBGsQAAAgFNqBAKoAAA4wcCAQEAAQAAAAA6BABwsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAALALAAQCEAUAACAAAAgEAAAAAAAwLwDAAAAAAAAAAAAAAAAAAAAgQAAAQAAAAAAAAAAAAAAAAAAAGAAAACAAAAAGAAAAAMAAAj9GblJnLABAAABAAAAAAAAAAAAAAAAAAUAAAAQAAAAAQAAAAEAAAAAwYyNncuAGAAACAAAAAAAAAAAAAAAAAAIAAAAgEAAAAgAAAAABFAAAA0hXZ05CAAAAAAAAAAAAAAgEAAACCAAAAAAAAAAAAAAACAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAGAAAAAAAAAAAAAAAAAAAAAAAAADgJAAAEAAAAALBAAvAMAAAAAAAAAAAAAAABAAAAAAAAEAAAEAAAAAABAAABAAUIQAMAAAAAAAAgAAAAAACAAAAAAAAAAEAAAAAAAAAABAAgAAAAAgAAEAAAAAAAQAAAAgAAAAAjDAAAAAAAAGAAAAABAAATALEiAAAOAAAAAAAAAA4a602JADEATAAQRQBAAAAAAAAAJK0QDuUGZv1GIT9ERg4Wag4WdyBSZiBCdv5mbhNGItFmcn9mcwBycphGVh0MTBgbINnAtA4guf4AAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAgLAA8//AAAAEAAAAMAAQqVT
mscoree.dll
set_CommandType
set_CommandText
set_SelectCommand
get_UpdateCommand
set_InsertCommand
get_InsertCommand
get_network
set_network
get_networkColumn
@network
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
set_PasswordChar
_commandCollection
Adobe_CM
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADt
get_CommandCollection
get_ResourceManager
get_Adapter
_adapter
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
! %!3"?#A%E&N'U(W,Z-`.b/g2l3q6v7{

Foremost
Matches
372.jpg, 38 KB, 645.jpg, 113 KB, 873.jpg, 36 KB, 0.exe, 531 KB, 449.png, 97 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed: http://www.w3.org/2001/xmlschema
hasURLs: True check_circle
Suspicious: http://tempuri.org/phonedataset.xsd, http://tempuri.org/phonedataset2.xsd, http://tempuri.org/phonedataset1.xsd
hasAllowed: True check_circle
hasSuspicious: True check_circle

Files
Allowed: mscoree.dll
hasFiles: True check_circle
Suspicious: System.Xml
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2560
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicous: True check_circle

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 48.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 548606
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: mscoree.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-07-08 21:08:07
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 157

pushpopmath
.text: 448

ss register
.text: 1

garbagebytes
.text: 51

hookdetection
.text: 7

software breakpoint
.text: 6

fakeconditionaljumps
.text: 4

programcontrolflowchange
.text: 47

cpuinstructionsresultscomparison
.text: 61

AVclass
remcos
1
VirusTotal
md5
2b8ffa3d1e175136dbecbc64b2562294
sha1
1f9f9a709fc9565ffea8b3f3a655a607aff03d28
SCANS (DETECTION RATE = 50.00%)
AVG
update: 20200709
version: 18.4.3895.0
detected: False cancel

CMC
update: 20200709
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=87)
update: 20200709
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200708
version: 6.45
detected: True check_circle

Bkav
update: 20200709
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20200709
version: 11.120.34643
detected: False cancel

ALYac
update: 20200709
version: 1.1.1.5
detected: False cancel

Avast
update: 20200709
version: 18.4.3895.0
detected: False cancel

Avira
result: TR/AD.Remcos.fbqwr
update: 20200709
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
result: Malicious (score: 85)
update: 20200709
version: 4.0.0.24
detected: True check_circle

Cyren
result: W32/MSIL_Kryptik.BBM.gen!Eldorado
update: 20200709
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.PackedNET.378
update: 20200709
version: 7.0.46.3050
detected: True check_circle

GData
result: Win32.Trojan.Agent.EEJ2PG
update: 20200709
version: A:25.26183B:27.19386
detected: True check_circle

Panda
update: 20200709
version: 4.6.4.2
detected: False cancel

VBA32
update: 20200709
version: 4.4.1
detected: False cancel

VIPRE
update: 20200709
version: 85074
detected: False cancel

Zoner
update: 20200708
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200709
version: 0.102.3.0
detected: False cancel

Comodo
update: 20200709
version: 32611
detected: False cancel

F-Prot
result: W32/MSIL_Kryptik.BBM.gen!Eldorado
update: 20200709
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Win32.SuspectCrc
update: 20200709
version: 0.1.5.2
detected: True check_circle

McAfee
result: Fareit-FWJ!2B8FFA3D1E17
update: 20200709
version: 6.0.6.653
detected: True check_circle

Rising
update: 20200709
version: 25.0.0.26
detected: False cancel

Sophos
update: 20200709
version: 4.98.0
detected: False cancel

Yandex
update: 20200707
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200709
version: 2.0.0.4126
detected: False cancel

Acronis
update: 20200603
version: 1.1.1.76
detected: False cancel

Alibaba
result: Trojan:Win32/Kryptik.ali2000016
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D2972AC1
update: 20200709
version: 1.0.0.877
detected: True check_circle

Cylance
result: Unsafe
update: 20200709
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20200608
version: 4.0.5
detected: True check_circle

FireEye
result: Trojan.GenericKD.43461313
update: 20200709
version: 32.31.0.0
detected: True check_circle

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True check_circle

TACHYON
update: 20200709
version: 2020-07-09.02
detected: False cancel

Tencent
update: 20200709
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200709
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200709
version: 1.0.0.403
detected: False cancel

eGambit
update: 20200709
detected: False cancel

Ad-Aware
result: Trojan.GenericKD.43461313
update: 20200709
version: 3.0.5.370
detected: True check_circle

AegisLab
update: 20200709
version: 4.2
detected: False cancel

Emsisoft
result: Trojan.GenericKD.43461313 (B)
update: 20200709
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/AD.Remcos.fbqwr
update: 20200709
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/GenKryptik.ENXE!tr
update: 20200709
version: 6.2.142.0
detected: True check_circle

Invincea
result: heuristic
update: 20200502
version: 6.3.6.26157
detected: True check_circle

Jiangmin
update: 20200709
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200709
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200709
version: 1.0
detected: True check_circle

Symantec
result: Packed.Generic.570
update: 20200709
version: 1.11.0.0
detected: True check_circle

Trapmine
result: malicious.moderate.ml.score
update: 20200619
version: 3.5.0.987
detected: True check_circle

AhnLab-V3
update: 20200709
version: 3.18.0.10009
detected: False cancel

Antiy-AVL
update: 20200709
version: 3.0.0.1
detected: False cancel

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200709
version: 15.0.1.13
detected: True check_circle

MaxSecure
update: 20200622
version: 1.0.0.1
detected: False cancel

Microsoft
result: Backdoor:Win32/Rescoms.A
update: 20200709
version: 1.1.17200.2
detected: True check_circle

Qihoo-360
result: Generic/Trojan.PSW.374
update: 20200709
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200709
version: 1.0
detected: True check_circle

Cybereason
update: 20190616
version: 1.2.449
detected: False cancel

ESET-NOD32
result: a variant of MSIL/Kryptik.WTP
update: 20200709
version: 21627
detected: True check_circle

TrendMicro
result: Backdoor.MSIL.SOCMER.THGOIBO
update: 20200709
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.GenericKD.43461313
update: 20200709
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_60% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
update: 20200709
version: 11.120.34648
detected: False cancel

SentinelOne
update: 20200601
version: 4.3.0.105
detected: False cancel

Avast-Mobile
update: 20200709
version: 200709-00
detected: False cancel

Malwarebytes
result: Spyware.HawkEyeKeyLogger
update: 20200709
version: 3.6.4.335
detected: True check_circle

CAT-QuickHeal
update: 20200709
version: 14.00
detected: False cancel

NANO-Antivirus
update: 20200709
version: 1.0.134.25119
detected: False cancel

BitDefenderTheta
result: Gen:NN.ZemsilF.34132.Hm0@aqD@Ejd
update: 20200706
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.43461313
update: 20200709
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200703
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
result: Backdoor.MSIL.SOCMER.THGOIBO
update: 20200709
version: 10.0.0.1040
detected: True check_circle

total
72
sha256
74c74bc92e1e2b1fbec04160533ddc46adfd8e2f691295ad4a08cbd83e01adc7
scan_id
74c74bc92e1e2b1fbec04160533ddc46adfd8e2f691295ad4a08cbd83e01adc7-1594311566
resource
2b8ffa3d1e175136dbecbc64b2562294
positives
36
scan_date
2020-07-09 16:19:26
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
10/7/2020 - 17:45:43.559Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:45:43.559Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:45:43.559Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:45:43.559Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:45:43.559Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:45:43.559Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:45:43.559Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:45:43.575Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:45:43.575Open1480C:\malware.exeC:\
10/7/2020 - 17:45:43.575Unknown1480C:\malware.exeC:\
10/7/2020 - 17:45:43.575Open1480C:\malware.exeC:\Windows
10/7/2020 - 17:45:43.575Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 17:45:43.575Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:45:43.575Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:45:43.590Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:45:43.590Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:43.590Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:43.762Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:43.762Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:43.762Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:43.762Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:43.762Open1480C:\malware.exeC:\malware.exe.config
10/7/2020 - 17:45:44.90Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:45:44.512Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:44.512Unknown1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:45:44.512Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
10/7/2020 - 17:45:44.512Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:45:44.528Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:44.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.106Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:45.153Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:45.200Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:45.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\
10/7/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\Monitor
10/7/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:45:45.903Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:45:45.903Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:45:45.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:45:45.950Open1480C:\malware.exeC:\malware.config
10/7/2020 - 17:45:45.950Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:45:45.950Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:45:45.950Open1480C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:45:45.950Unknown1480C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:45.965Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 17:45:45.965Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:45:45.965Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:45:45.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:45:45.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:45:45.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:45:45.981Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:45:45.981Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:45:45.981Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:45:45.981Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
10/7/2020 - 17:45:45.981Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
10/7/2020 - 17:45:45.981Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:45:45.981Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:45.981Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:45:45.981Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:45.981Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:45.981Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:45.981Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:45.981Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:45:45.997Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:45:45.997Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:46.653Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:45:46.793Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.793Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:47.262Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.403Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:48.997Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:49.231Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:49.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:49.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:49.887Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:49.981Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:45:49.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:45:50.356Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:45:50.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:50.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:50.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.231Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
10/7/2020 - 17:45:52.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
10/7/2020 - 17:45:52.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:52.372Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:52.418Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:52.465Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:52.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:45:53.59Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
10/7/2020 - 17:45:53.59Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:45:53.59Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:45:53.59Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:45:53.59Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:45:53.59Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\ShFolder.DLL
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:53.106Unknown1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:45:53.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:53.106Unknown1480C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:45:53.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
10/7/2020 - 17:45:53.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:45:53.106Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
10/7/2020 - 17:45:53.106Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\marlett.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arial.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\ariali.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arialbd.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\arialbi.ttf
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
10/7/2020 - 17:45:53.122Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
10/7/2020 - 17:45:53.137Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
10/7/2020 - 17:45:53.137Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
10/7/2020 - 17:45:53.200Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
10/7/2020 - 17:45:53.247Open1480C:\malware.exeC:\Windows\Fonts\batang.ttc
10/7/2020 - 17:45:53.247Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
10/7/2020 - 17:45:53.247Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
10/7/2020 - 17:45:53.247Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
10/7/2020 - 17:45:53.387Open1480C:\malware.exeC:\Windows\Fonts\cour.ttf
10/7/2020 - 17:45:53.434Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
10/7/2020 - 17:45:53.434Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
10/7/2020 - 17:45:53.434Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
10/7/2020 - 17:45:53.528Open1480C:\malware.exeC:\Windows\Fonts\couri.ttf
10/7/2020 - 17:45:53.575Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
10/7/2020 - 17:45:53.575Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
10/7/2020 - 17:45:53.575Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
10/7/2020 - 17:45:53.715Open1480C:\malware.exeC:\Windows\Fonts\courbd.ttf
10/7/2020 - 17:45:53.762Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
10/7/2020 - 17:45:53.762Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
10/7/2020 - 17:45:53.762Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
10/7/2020 - 17:45:53.903Open1480C:\malware.exeC:\Windows\Fonts\courbi.ttf
10/7/2020 - 17:45:53.950Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
10/7/2020 - 17:45:53.950Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
10/7/2020 - 17:45:53.950Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
10/7/2020 - 17:45:54.43Open1480C:\malware.exeC:\Windows\Fonts\daunpenh.ttf
10/7/2020 - 17:45:54.43Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
10/7/2020 - 17:45:54.43Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
10/7/2020 - 17:45:54.43Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
10/7/2020 - 17:45:54.137Open1480C:\malware.exeC:\Windows\Fonts\dokchamp.ttf
10/7/2020 - 17:45:54.137Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
10/7/2020 - 17:45:54.137Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
10/7/2020 - 17:45:54.137Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
10/7/2020 - 17:45:54.231Open1480C:\malware.exeC:\Windows\Fonts\estre.ttf
10/7/2020 - 17:45:54.231Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
10/7/2020 - 17:45:54.231Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
10/7/2020 - 17:45:54.231Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
10/7/2020 - 17:45:54.372Open1480C:\malware.exeC:\Windows\Fonts\euphemia.ttf
10/7/2020 - 17:45:54.372Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
10/7/2020 - 17:45:54.372Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
10/7/2020 - 17:45:54.372Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
10/7/2020 - 17:45:54.512Open1480C:\malware.exeC:\Windows\Fonts\gautami.ttf
10/7/2020 - 17:45:54.559Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
10/7/2020 - 17:45:54.559Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
10/7/2020 - 17:45:54.559Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
10/7/2020 - 17:45:54.653Open1480C:\malware.exeC:\Windows\Fonts\gautamib.ttf
10/7/2020 - 17:45:54.700Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
10/7/2020 - 17:45:54.700Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
10/7/2020 - 17:45:54.700Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
10/7/2020 - 17:45:54.793Open1480C:\malware.exeC:\Windows\Fonts\Vani.ttf
10/7/2020 - 17:45:54.793Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
10/7/2020 - 17:45:54.793Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
10/7/2020 - 17:45:54.793Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
10/7/2020 - 17:45:54.887Open1480C:\malware.exeC:\Windows\Fonts\Vanib.ttf
10/7/2020 - 17:45:54.887Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
10/7/2020 - 17:45:54.887Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
10/7/2020 - 17:45:54.887Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
10/7/2020 - 17:45:55.450Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
10/7/2020 - 17:45:55.872Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
10/7/2020 - 17:45:55.918Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
10/7/2020 - 17:45:55.965Open1480C:\malware.exeC:\Windows\Fonts\gulim.ttc
10/7/2020 - 17:45:55.965Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
10/7/2020 - 17:45:55.965Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
10/7/2020 - 17:45:55.965Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
10/7/2020 - 17:45:56.59Open1480C:\malware.exeC:\Windows\Fonts\impact.ttf
10/7/2020 - 17:45:56.59Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
10/7/2020 - 17:45:56.59Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
10/7/2020 - 17:45:56.59Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
10/7/2020 - 17:45:56.200Open1480C:\malware.exeC:\Windows\Fonts\iskpota.ttf
10/7/2020 - 17:45:56.200Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
10/7/2020 - 17:45:56.200Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
10/7/2020 - 17:45:56.200Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
10/7/2020 - 17:45:56.293Open1480C:\malware.exeC:\Windows\Fonts\iskpotab.ttf
10/7/2020 - 17:45:56.293Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
10/7/2020 - 17:45:56.293Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
10/7/2020 - 17:45:56.293Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
10/7/2020 - 17:45:56.387Open1480C:\malware.exeC:\Windows\Fonts\kalinga.ttf
10/7/2020 - 17:45:56.434Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
10/7/2020 - 17:45:56.434Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
10/7/2020 - 17:45:56.434Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
10/7/2020 - 17:45:56.528Open1480C:\malware.exeC:\Windows\Fonts\kalingab.ttf
10/7/2020 - 17:45:56.575Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
10/7/2020 - 17:45:56.575Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
10/7/2020 - 17:45:56.575Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
10/7/2020 - 17:45:56.668Open1480C:\malware.exeC:\Windows\Fonts\kartika.ttf
10/7/2020 - 17:45:56.668Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
10/7/2020 - 17:45:56.668Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
10/7/2020 - 17:45:56.668Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
10/7/2020 - 17:45:56.762Open1480C:\malware.exeC:\Windows\Fonts\kartikab.ttf
10/7/2020 - 17:45:56.762Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
10/7/2020 - 17:45:56.762Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
10/7/2020 - 17:45:56.762Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
10/7/2020 - 17:45:56.856Open1480C:\malware.exeC:\Windows\Fonts\KhmerUI.ttf
10/7/2020 - 17:45:56.903Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
10/7/2020 - 17:45:56.903Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
10/7/2020 - 17:45:56.903Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
10/7/2020 - 17:45:56.997Open1480C:\malware.exeC:\Windows\Fonts\KhmerUIb.ttf
10/7/2020 - 17:45:57.43Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
10/7/2020 - 17:45:57.43Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
10/7/2020 - 17:45:57.43Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
10/7/2020 - 17:45:57.137Open1480C:\malware.exeC:\Windows\Fonts\LaoUI.ttf
10/7/2020 - 17:45:57.137Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
10/7/2020 - 17:45:57.137Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
10/7/2020 - 17:45:57.137Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
10/7/2020 - 17:45:57.231Open1480C:\malware.exeC:\Windows\Fonts\LaoUIb.ttf
10/7/2020 - 17:45:57.231Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
10/7/2020 - 17:45:57.231Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
10/7/2020 - 17:45:57.231Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
10/7/2020 - 17:45:57.325Open1480C:\malware.exeC:\Windows\Fonts\latha.ttf
10/7/2020 - 17:45:57.325Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
10/7/2020 - 17:45:57.325Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
10/7/2020 - 17:45:57.325Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
10/7/2020 - 17:45:57.418Open1480C:\malware.exeC:\Windows\Fonts\lathab.ttf
10/7/2020 - 17:45:57.418Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
10/7/2020 - 17:45:57.418Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
10/7/2020 - 17:45:57.418Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
10/7/2020 - 17:45:57.512Open1480C:\malware.exeC:\Windows\Fonts\lucon.ttf
10/7/2020 - 17:45:57.559Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:45:57.559Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:45:57.559Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:45:57.840Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:45:57.997Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
10/7/2020 - 17:45:57.997Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
10/7/2020 - 17:45:57.997Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
10/7/2020 - 17:45:58.278Open1480C:\malware.exeC:\Windows\Fonts\malgunbd.ttf
10/7/2020 - 17:45:58.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
10/7/2020 - 17:45:58.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
10/7/2020 - 17:45:58.418Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
10/7/2020 - 17:45:58.559Open1480C:\malware.exeC:\Windows\Fonts\mangal.ttf
10/7/2020 - 17:45:58.606Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
10/7/2020 - 17:45:58.606Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
10/7/2020 - 17:45:58.606Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
10/7/2020 - 17:45:58.700Open1480C:\malware.exeC:\Windows\Fonts\mangalb.ttf
10/7/2020 - 17:45:58.747Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
10/7/2020 - 17:45:58.747Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
10/7/2020 - 17:45:58.747Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
10/7/2020 - 17:45:59.403Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
10/7/2020 - 17:46:0.106Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
10/7/2020 - 17:46:0.481Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
10/7/2020 - 17:46:0.903Open1480C:\malware.exeC:\Windows\Fonts\meiryo.ttc
10/7/2020 - 17:46:1.278Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
10/7/2020 - 17:46:1.278Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
10/7/2020 - 17:46:1.278Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
10/7/2020 - 17:46:1.981Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
10/7/2020 - 17:46:2.684Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
10/7/2020 - 17:46:3.59Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
10/7/2020 - 17:46:3.512Open1480C:\malware.exeC:\Windows\Fonts\meiryob.ttc
10/7/2020 - 17:46:3.887Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
10/7/2020 - 17:46:3.887Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
10/7/2020 - 17:46:3.887Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
10/7/2020 - 17:46:4.28Open1480C:\malware.exeC:\Windows\Fonts\himalaya.ttf
10/7/2020 - 17:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:4.75Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:4.450Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
10/7/2020 - 17:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
10/7/2020 - 17:46:4.778Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
10/7/2020 - 17:46:5.106Open1480C:\malware.exeC:\Windows\Fonts\msjhbd.ttf
10/7/2020 - 17:46:5.387Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:5.387Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:5.387Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:5.762Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:6.153Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
10/7/2020 - 17:46:6.153Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
10/7/2020 - 17:46:6.200Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
10/7/2020 - 17:46:6.575Open1480C:\malware.exeC:\Windows\Fonts\msyhbd.ttf
10/7/2020 - 17:46:6.903Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
10/7/2020 - 17:46:6.903Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
10/7/2020 - 17:46:6.903Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
10/7/2020 - 17:46:7.418Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
10/7/2020 - 17:46:7.793Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
10/7/2020 - 17:46:7.793Open1480C:\malware.exeC:\Windows\Fonts\mingliu.ttc
10/7/2020 - 17:46:7.793Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
10/7/2020 - 17:46:7.793Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
10/7/2020 - 17:46:7.793Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
10/7/2020 - 17:46:8.309Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
10/7/2020 - 17:46:8.731Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
10/7/2020 - 17:46:8.731Open1480C:\malware.exeC:\Windows\Fonts\mingliub.ttc
10/7/2020 - 17:46:8.731Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
10/7/2020 - 17:46:8.731Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
10/7/2020 - 17:46:8.731Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
10/7/2020 - 17:46:8.872Open1480C:\malware.exeC:\Windows\Fonts\monbaiti.ttf
10/7/2020 - 17:46:8.965Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
10/7/2020 - 17:46:8.965Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
10/7/2020 - 17:46:8.965Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
10/7/2020 - 17:46:9.387Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
10/7/2020 - 17:46:9.715Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
10/7/2020 - 17:46:9.856Open1480C:\malware.exeC:\Windows\Fonts\msgothic.ttc
10/7/2020 - 17:46:9.950Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
10/7/2020 - 17:46:9.950Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
10/7/2020 - 17:46:9.950Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
10/7/2020 - 17:46:10.325Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
10/7/2020 - 17:46:10.653Open1480C:\malware.exeC:\Windows\Fonts\msmincho.ttc
10/7/2020 - 17:46:10.747Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
10/7/2020 - 17:46:10.747Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
10/7/2020 - 17:46:10.747Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
10/7/2020 - 17:46:10.840Open1480C:\malware.exeC:\Windows\Fonts\mvboli.ttf
10/7/2020 - 17:46:10.840Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
10/7/2020 - 17:46:10.840Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
10/7/2020 - 17:46:10.840Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
10/7/2020 - 17:46:10.934Open1480C:\malware.exeC:\Windows\Fonts\ntailu.ttf
10/7/2020 - 17:46:10.934Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
10/7/2020 - 17:46:10.934Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
10/7/2020 - 17:46:10.934Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
10/7/2020 - 17:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\ntailub.ttf
10/7/2020 - 17:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
10/7/2020 - 17:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
10/7/2020 - 17:46:11.28Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
10/7/2020 - 17:46:11.168Open1480C:\malware.exeC:\Windows\Fonts\nyala.ttf
10/7/2020 - 17:46:11.262Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
10/7/2020 - 17:46:11.262Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
10/7/2020 - 17:46:11.262Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
10/7/2020 - 17:46:11.403Open1480C:\malware.exeC:\Windows\Fonts\phagspa.ttf
10/7/2020 - 17:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
10/7/2020 - 17:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
10/7/2020 - 17:46:11.450Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
10/7/2020 - 17:46:11.590Open1480C:\malware.exeC:\Windows\Fonts\phagspab.ttf
10/7/2020 - 17:46:11.590Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
10/7/2020 - 17:46:11.590Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
10/7/2020 - 17:46:11.590Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
10/7/2020 - 17:46:11.684Open1480C:\malware.exeC:\Windows\Fonts\plantc.ttf
10/7/2020 - 17:46:11.684Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
10/7/2020 - 17:46:11.684Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
10/7/2020 - 17:46:11.684Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
10/7/2020 - 17:46:11.778Open1480C:\malware.exeC:\Windows\Fonts\raavi.ttf
10/7/2020 - 17:46:11.778Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
10/7/2020 - 17:46:11.778Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
10/7/2020 - 17:46:11.778Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
10/7/2020 - 17:46:11.872Open1480C:\malware.exeC:\Windows\Fonts\raavib.ttf
10/7/2020 - 17:46:11.872Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
10/7/2020 - 17:46:11.872Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
10/7/2020 - 17:46:11.872Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
10/7/2020 - 17:46:12.12Open1480C:\malware.exeC:\Windows\Fonts\segoesc.ttf
10/7/2020 - 17:46:12.153Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
10/7/2020 - 17:46:12.153Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
10/7/2020 - 17:46:12.153Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
10/7/2020 - 17:46:12.293Open1480C:\malware.exeC:\Windows\Fonts\segoescb.ttf
10/7/2020 - 17:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
10/7/2020 - 17:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
10/7/2020 - 17:46:12.434Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
10/7/2020 - 17:46:12.481Open1480C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
10/7/2020 - 17:46:12.481Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
10/7/2020 - 17:46:12.481Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
10/7/2020 - 17:46:12.481Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
10/7/2020 - 17:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
10/7/2020 - 17:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
10/7/2020 - 17:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
10/7/2020 - 17:46:12.528Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
10/7/2020 - 17:46:12.668Open1480C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\seguisb.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\seguisym.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
10/7/2020 - 17:46:12.762Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
10/7/2020 - 17:46:12.903Open1480C:\malware.exeC:\Windows\Fonts\shruti.ttf
10/7/2020 - 17:46:12.950Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
10/7/2020 - 17:46:12.950Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
10/7/2020 - 17:46:12.950Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
10/7/2020 - 17:46:13.90Open1480C:\malware.exeC:\Windows\Fonts\shrutib.ttf
10/7/2020 - 17:46:13.184Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:13.184Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:13.184Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:13.278Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\simsun.ttc
10/7/2020 - 17:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
10/7/2020 - 17:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
10/7/2020 - 17:46:13.372Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
10/7/2020 - 17:46:13.700Open1480C:\malware.exeC:\Windows\Fonts\simsunb.ttf
10/7/2020 - 17:46:13.887Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
10/7/2020 - 17:46:13.887Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
10/7/2020 - 17:46:13.887Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
10/7/2020 - 17:46:13.981Open1480C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
10/7/2020 - 17:46:13.981Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:13.981Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:13.981Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:14.75Open1480C:\malware.exeC:\Windows\Fonts\taile.ttf
10/7/2020 - 17:46:14.75Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:14.75Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:14.75Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\taileb.ttf
10/7/2020 - 17:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\times.ttf
10/7/2020 - 17:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:14.168Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:14.309Open1480C:\malware.exeC:\Windows\Fonts\timesi.ttf
10/7/2020 - 17:46:14.403Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:14.403Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:14.403Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:14.450Open1480C:\malware.exeC:\Windows\Fonts\timesbd.ttf
10/7/2020 - 17:46:14.450Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:14.450Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:14.450Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:14.590Open1480C:\malware.exeC:\Windows\Fonts\timesbi.ttf
10/7/2020 - 17:46:14.684Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:14.684Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:14.684Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\tunga.ttf
10/7/2020 - 17:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:14.778Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\tungab.ttf
10/7/2020 - 17:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:14.872Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\vrinda.ttf
10/7/2020 - 17:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:14.965Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\vrindab.ttf
10/7/2020 - 17:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:15.59Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\Shonar.ttf
10/7/2020 - 17:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:15.153Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:15.293Open1480C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
10/7/2020 - 17:46:15.293Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:15.293Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:15.293Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\msyi.ttf
10/7/2020 - 17:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:15.434Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:15.481Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:15.528Open1480C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
10/7/2020 - 17:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:15.622Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\angsa.ttf
10/7/2020 - 17:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:15.715Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\angsai.ttf
10/7/2020 - 17:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:15.809Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\angsab.ttf
10/7/2020 - 17:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:15.903Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\angsaz.ttf
10/7/2020 - 17:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:15.997Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\aparaj.ttf
10/7/2020 - 17:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:16.90Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\aparajb.ttf
10/7/2020 - 17:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:16.184Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
10/7/2020 - 17:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:16.278Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\aparaji.ttf
10/7/2020 - 17:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:16.372Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\cordia.ttf
10/7/2020 - 17:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:16.465Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:16.559Open1480C:\malware.exeC:\Windows\Fonts\cordiai.ttf
10/7/2020 - 17:46:16.559Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:16.559Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:16.559Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:16.653Open1480C:\malware.exeC:\Windows\Fonts\cordiab.ttf
10/7/2020 - 17:46:16.653Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:16.653Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:16.653Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:16.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
10/7/2020 - 17:46:16.747Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:16.747Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:16.747Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:16.887Open1480C:\malware.exeC:\Windows\Fonts\ebrima.ttf
10/7/2020 - 17:46:16.934Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:16.934Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:16.934Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:17.75Open1480C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
10/7/2020 - 17:46:17.122Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:17.122Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:17.122Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:17.215Open1480C:\malware.exeC:\Windows\Fonts\gisha.ttf
10/7/2020 - 17:46:17.215Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:17.215Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:17.215Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:17.309Open1480C:\malware.exeC:\Windows\Fonts\gishabd.ttf
10/7/2020 - 17:46:17.309Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:17.309Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:17.309Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:17.403Open1480C:\malware.exeC:\Windows\Fonts\kokila.ttf
10/7/2020 - 17:46:17.403Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:17.403Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:17.403Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:17.497Open1480C:\malware.exeC:\Windows\Fonts\kokilab.ttf
10/7/2020 - 17:46:17.497Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:17.497Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:17.497Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
10/7/2020 - 17:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:17.590Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:17.684Open1480C:\malware.exeC:\Windows\Fonts\kokilai.ttf
10/7/2020 - 17:46:17.684Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:17.684Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:17.684Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:17.778Open1480C:\malware.exeC:\Windows\Fonts\leelawad.ttf
10/7/2020 - 17:46:17.778Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:17.778Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:17.778Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:17.872Open1480C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
10/7/2020 - 17:46:17.872Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:17.872Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:17.872Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:18.12Open1480C:\malware.exeC:\Windows\Fonts\msuighur.ttf
10/7/2020 - 17:46:18.59Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:18.59Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:18.59Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\moolbor.ttf
10/7/2020 - 17:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\symbol.ttf
10/7/2020 - 17:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:18.153Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:18.247Open1480C:\malware.exeC:\Windows\Fonts\utsaah.ttf
10/7/2020 - 17:46:18.247Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:18.247Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:18.247Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:18.340Open1480C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
10/7/2020 - 17:46:18.340Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:18.340Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:18.340Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:18.434Open1480C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
10/7/2020 - 17:46:18.434Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:18.434Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:18.434Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
10/7/2020 - 17:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:18.528Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:18.622Open1480C:\malware.exeC:\Windows\Fonts\vijaya.ttf
10/7/2020 - 17:46:18.622Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:18.622Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:18.622Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\vijayab.ttf
10/7/2020 - 17:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:18.715Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\wingding.ttf
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\modern.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\roman.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\script.fon
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:18.809Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:18.903Open1480C:\malware.exeC:\Windows\Fonts\andlso.ttf
10/7/2020 - 17:46:18.903Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:18.903Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:18.903Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:19.43Open1480C:\malware.exeC:\Windows\Fonts\arabtype.ttf
10/7/2020 - 17:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:19.231Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\simpo.ttf
10/7/2020 - 17:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:19.325Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:19.418Open1480C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
10/7/2020 - 17:46:19.418Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:19.418Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:19.418Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:19.512Open1480C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
10/7/2020 - 17:46:19.512Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:19.512Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:19.512Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:19.653Open1480C:\malware.exeC:\Windows\Fonts\majalla.ttf
10/7/2020 - 17:46:19.793Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:19.793Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:19.793Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:19.934Open1480C:\malware.exeC:\Windows\Fonts\majallab.ttf
10/7/2020 - 17:46:20.75Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:20.75Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:20.75Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:20.168Open1480C:\malware.exeC:\Windows\Fonts\trado.ttf
10/7/2020 - 17:46:20.168Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:20.168Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:20.168Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:20.262Open1480C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
10/7/2020 - 17:46:20.262Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:20.262Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:20.262Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:20.356Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\david.ttf
10/7/2020 - 17:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:20.450Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:20.543Open1480C:\malware.exeC:\Windows\Fonts\davidbd.ttf
10/7/2020 - 17:46:20.543Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:20.543Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:20.543Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\frank.ttf
10/7/2020 - 17:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:20.637Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\lvnm.ttf
10/7/2020 - 17:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:20.731Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
10/7/2020 - 17:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:20.825Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\mriam.ttf
10/7/2020 - 17:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:20.918Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\mriamc.ttf
10/7/2020 - 17:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:21.12Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\nrkis.ttf
10/7/2020 - 17:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:21.106Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\rod.ttf
10/7/2020 - 17:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:21.200Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:21.481Open1480C:\malware.exeC:\Windows\Fonts\simfang.ttf
10/7/2020 - 17:46:21.575Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:21.575Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:21.575Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:21.856Open1480C:\malware.exeC:\Windows\Fonts\simhei.ttf
10/7/2020 - 17:46:21.950Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:21.950Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:21.950Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:22.231Open1480C:\malware.exeC:\Windows\Fonts\simkai.ttf
10/7/2020 - 17:46:22.325Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:22.325Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:22.325Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:22.418Open1480C:\malware.exeC:\Windows\Fonts\angsau.ttf
10/7/2020 - 17:46:22.418Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:22.418Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:22.418Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:22.512Open1480C:\malware.exeC:\Windows\Fonts\angsaui.ttf
10/7/2020 - 17:46:22.512Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:22.512Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:22.512Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:22.606Open1480C:\malware.exeC:\Windows\Fonts\angsaub.ttf
10/7/2020 - 17:46:22.622Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:22.622Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:22.622Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:22.715Open1480C:\malware.exeC:\Windows\Fonts\angsauz.ttf
10/7/2020 - 17:46:22.715Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:22.715Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:22.715Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\browa.ttf
10/7/2020 - 17:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:22.809Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\browai.ttf
10/7/2020 - 17:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:22.903Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\browab.ttf
10/7/2020 - 17:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:22.997Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\browaz.ttf
10/7/2020 - 17:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 17:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 17:46:23.90Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 17:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\browau.ttf
10/7/2020 - 17:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 17:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 17:46:23.184Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 17:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\browaui.ttf
10/7/2020 - 17:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 17:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 17:46:23.278Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 17:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\browaub.ttf
10/7/2020 - 17:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 17:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 17:46:23.372Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 17:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\browauz.ttf
10/7/2020 - 17:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 17:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 17:46:23.465Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 17:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\cordiau.ttf
10/7/2020 - 17:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 17:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 17:46:23.559Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 17:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\cordiaub.ttf
10/7/2020 - 17:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 17:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 17:46:23.653Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 17:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\cordiauz.ttf
10/7/2020 - 17:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 17:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 17:46:23.747Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 17:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\cordiaui.ttf
10/7/2020 - 17:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 17:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 17:46:23.840Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 17:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\upcdl.ttf
10/7/2020 - 17:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 17:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 17:46:23.934Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 17:46:24.28Open1480C:\malware.exeC:\Windows\Fonts\upcdi.ttf
10/7/2020 - 17:46:24.28Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 17:46:24.28Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 17:46:24.28Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 17:46:24.122Open1480C:\malware.exeC:\Windows\Fonts\upcdb.ttf
10/7/2020 - 17:46:24.122Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 17:46:24.122Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 17:46:24.122Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 17:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\upcdbi.ttf
10/7/2020 - 17:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 17:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 17:46:24.215Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 17:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\upcel.ttf
10/7/2020 - 17:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 17:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 17:46:24.309Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 17:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\upcei.ttf
10/7/2020 - 17:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 17:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 17:46:24.403Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 17:46:24.497Open1480C:\malware.exeC:\Windows\Fonts\upceb.ttf
10/7/2020 - 17:46:24.497Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
10/7/2020 - 17:46:24.497Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
10/7/2020 - 17:46:24.497Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
10/7/2020 - 17:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\upcebi.ttf
10/7/2020 - 17:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
10/7/2020 - 17:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
10/7/2020 - 17:46:24.590Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
10/7/2020 - 17:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\upcfl.ttf
10/7/2020 - 17:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
10/7/2020 - 17:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
10/7/2020 - 17:46:24.684Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
10/7/2020 - 17:46:24.778Open1480C:\malware.exeC:\Windows\Fonts\upcfi.ttf
10/7/2020 - 17:46:24.778Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
10/7/2020 - 17:46:24.778Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
10/7/2020 - 17:46:24.778Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
10/7/2020 - 17:46:24.872Open1480C:\malware.exeC:\Windows\Fonts\upcfb.ttf
10/7/2020 - 17:46:24.872Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
10/7/2020 - 17:46:24.872Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
10/7/2020 - 17:46:24.872Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
10/7/2020 - 17:46:24.965Open1480C:\malware.exeC:\Windows\Fonts\upcfbi.ttf
10/7/2020 - 17:46:24.965Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
10/7/2020 - 17:46:24.965Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
10/7/2020 - 17:46:24.965Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
10/7/2020 - 17:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\upcil.ttf
10/7/2020 - 17:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
10/7/2020 - 17:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
10/7/2020 - 17:46:25.59Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
10/7/2020 - 17:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\upcii.ttf
10/7/2020 - 17:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
10/7/2020 - 17:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
10/7/2020 - 17:46:25.153Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
10/7/2020 - 17:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\upcib.ttf
10/7/2020 - 17:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
10/7/2020 - 17:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
10/7/2020 - 17:46:25.247Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
10/7/2020 - 17:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\upcibi.ttf
10/7/2020 - 17:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
10/7/2020 - 17:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
10/7/2020 - 17:46:25.340Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
10/7/2020 - 17:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\upcjl.ttf
10/7/2020 - 17:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
10/7/2020 - 17:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
10/7/2020 - 17:46:25.434Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
10/7/2020 - 17:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\upcji.ttf
10/7/2020 - 17:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
10/7/2020 - 17:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
10/7/2020 - 17:46:25.528Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
10/7/2020 - 17:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\upcjb.ttf
10/7/2020 - 17:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
10/7/2020 - 17:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
10/7/2020 - 17:46:25.622Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
10/7/2020 - 17:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\upcjbi.ttf
10/7/2020 - 17:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
10/7/2020 - 17:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
10/7/2020 - 17:46:25.715Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
10/7/2020 - 17:46:25.809Open1480C:\malware.exeC:\Windows\Fonts\upckl.ttf
10/7/2020 - 17:46:25.809Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
10/7/2020 - 17:46:25.809Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
10/7/2020 - 17:46:25.809Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
10/7/2020 - 17:46:25.903Open1480C:\malware.exeC:\Windows\Fonts\upcki.ttf
10/7/2020 - 17:46:25.903Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
10/7/2020 - 17:46:25.903Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
10/7/2020 - 17:46:25.903Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
10/7/2020 - 17:46:25.997Open1480C:\malware.exeC:\Windows\Fonts\upckb.ttf
10/7/2020 - 17:46:25.997Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
10/7/2020 - 17:46:25.997Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
10/7/2020 - 17:46:25.997Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
10/7/2020 - 17:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\upckbi.ttf
10/7/2020 - 17:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
10/7/2020 - 17:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
10/7/2020 - 17:46:26.90Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
10/7/2020 - 17:46:26.184Open1480C:\malware.exeC:\Windows\Fonts\upcll.ttf
10/7/2020 - 17:46:26.184Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
10/7/2020 - 17:46:26.184Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
10/7/2020 - 17:46:26.184Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
10/7/2020 - 17:46:26.278Open1480C:\malware.exeC:\Windows\Fonts\upcli.ttf
10/7/2020 - 17:46:26.278Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
10/7/2020 - 17:46:26.278Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
10/7/2020 - 17:46:26.278Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
10/7/2020 - 17:46:26.372Open1480C:\malware.exeC:\Windows\Fonts\upclb.ttf
10/7/2020 - 17:46:26.372Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
10/7/2020 - 17:46:26.372Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
10/7/2020 - 17:46:26.372Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
10/7/2020 - 17:46:26.465Open1480C:\malware.exeC:\Windows\Fonts\upclbi.ttf
10/7/2020 - 17:46:26.465Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
10/7/2020 - 17:46:26.465Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
10/7/2020 - 17:46:26.465Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
10/7/2020 - 17:46:26.747Open1480C:\malware.exeC:\Windows\Fonts\kaiu.ttf
10/7/2020 - 17:46:26.887Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
10/7/2020 - 17:46:26.887Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
10/7/2020 - 17:46:26.887Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
10/7/2020 - 17:46:27.28Open1480C:\malware.exeC:\Windows\Fonts\l_10646.ttf
10/7/2020 - 17:46:27.28Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
10/7/2020 - 17:46:27.28Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
10/7/2020 - 17:46:27.28Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
10/7/2020 - 17:46:27.28Open1480C:\malware.exeC:\Windows\Fonts\ariblk.ttf
10/7/2020 - 17:46:27.28Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
10/7/2020 - 17:46:27.28Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
10/7/2020 - 17:46:27.28Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
10/7/2020 - 17:46:27.75Open1480C:\malware.exeC:\Windows\Fonts\calibri.ttf
10/7/2020 - 17:46:27.262Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
10/7/2020 - 17:46:27.262Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
10/7/2020 - 17:46:27.262Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
10/7/2020 - 17:46:27.403Open1480C:\malware.exeC:\Windows\Fonts\calibrii.ttf
10/7/2020 - 17:46:27.590Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
10/7/2020 - 17:46:27.590Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
10/7/2020 - 17:46:27.590Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
10/7/2020 - 17:46:27.731Open1480C:\malware.exeC:\Windows\Fonts\calibrib.ttf
10/7/2020 - 17:46:27.918Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
10/7/2020 - 17:46:27.918Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
10/7/2020 - 17:46:27.918Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
10/7/2020 - 17:46:28.59Open1480C:\malware.exeC:\Windows\Fonts\calibriz.ttf
10/7/2020 - 17:46:28.247Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 17:46:28.247Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 17:46:28.247Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 17:46:28.575Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 17:46:28.809Open1480C:\malware.exeC:\Windows\Fonts\cambria.ttc
10/7/2020 - 17:46:29.90Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
10/7/2020 - 17:46:29.90Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
10/7/2020 - 17:46:29.90Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
10/7/2020 - 17:46:29.231Open1480C:\malware.exeC:\Windows\Fonts\cambriai.ttf
10/7/2020 - 17:46:29.465Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
10/7/2020 - 17:46:29.465Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
10/7/2020 - 17:46:29.465Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
10/7/2020 - 17:46:29.606Open1480C:\malware.exeC:\Windows\Fonts\cambriab.ttf
10/7/2020 - 17:46:29.934Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
10/7/2020 - 17:46:29.934Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
10/7/2020 - 17:46:29.934Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
10/7/2020 - 17:46:30.75Open1480C:\malware.exeC:\Windows\Fonts\cambriaz.ttf
10/7/2020 - 17:46:30.309Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
10/7/2020 - 17:46:30.309Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
10/7/2020 - 17:46:30.309Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
10/7/2020 - 17:46:30.403Open1480C:\malware.exeC:\Windows\Fonts\Candara.ttf
10/7/2020 - 17:46:30.403Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
10/7/2020 - 17:46:30.403Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
10/7/2020 - 17:46:30.403Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
10/7/2020 - 17:46:30.497Open1480C:\malware.exeC:\Windows\Fonts\Candarai.ttf
10/7/2020 - 17:46:30.497Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
10/7/2020 - 17:46:30.497Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
10/7/2020 - 17:46:30.497Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
10/7/2020 - 17:46:30.590Open1480C:\malware.exeC:\Windows\Fonts\Candarab.ttf
10/7/2020 - 17:46:30.590Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
10/7/2020 - 17:46:30.590Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
10/7/2020 - 17:46:30.590Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
10/7/2020 - 17:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\Candaraz.ttf
10/7/2020 - 17:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
10/7/2020 - 17:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
10/7/2020 - 17:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
10/7/2020 - 17:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\comic.ttf
10/7/2020 - 17:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
10/7/2020 - 17:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
10/7/2020 - 17:46:30.684Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
10/7/2020 - 17:46:30.778Open1480C:\malware.exeC:\Windows\Fonts\comicbd.ttf
10/7/2020 - 17:46:30.778Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
10/7/2020 - 17:46:30.778Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
10/7/2020 - 17:46:30.778Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
10/7/2020 - 17:46:30.918Open1480C:\malware.exeC:\Windows\Fonts\consola.ttf
10/7/2020 - 17:46:30.965Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
10/7/2020 - 17:46:30.965Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
10/7/2020 - 17:46:30.965Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
10/7/2020 - 17:46:31.106Open1480C:\malware.exeC:\Windows\Fonts\consolai.ttf
10/7/2020 - 17:46:31.153Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
10/7/2020 - 17:46:31.153Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
10/7/2020 - 17:46:31.153Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
10/7/2020 - 17:46:31.293Open1480C:\malware.exeC:\Windows\Fonts\consolab.ttf
10/7/2020 - 17:46:31.340Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
10/7/2020 - 17:46:31.340Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
10/7/2020 - 17:46:31.340Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
10/7/2020 - 17:46:31.481Open1480C:\malware.exeC:\Windows\Fonts\consolaz.ttf
10/7/2020 - 17:46:31.528Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
10/7/2020 - 17:46:31.528Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
10/7/2020 - 17:46:31.528Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
10/7/2020 - 17:46:31.622Open1480C:\malware.exeC:\Windows\Fonts\constan.ttf
10/7/2020 - 17:46:31.715Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
10/7/2020 - 17:46:31.715Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
10/7/2020 - 17:46:31.715Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
10/7/2020 - 17:46:31.809Open1480C:\malware.exeC:\Windows\Fonts\constani.ttf
10/7/2020 - 17:46:31.903Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
10/7/2020 - 17:46:31.903Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
10/7/2020 - 17:46:31.903Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
10/7/2020 - 17:46:31.997Open1480C:\malware.exeC:\Windows\Fonts\constanb.ttf
10/7/2020 - 17:46:32.90Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
10/7/2020 - 17:46:32.90Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
10/7/2020 - 17:46:32.90Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
10/7/2020 - 17:46:32.184Open1480C:\malware.exeC:\Windows\Fonts\constanz.ttf
10/7/2020 - 17:46:32.278Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
10/7/2020 - 17:46:32.278Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
10/7/2020 - 17:46:32.278Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
10/7/2020 - 17:46:32.372Open1480C:\malware.exeC:\Windows\Fonts\corbel.ttf
10/7/2020 - 17:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
10/7/2020 - 17:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
10/7/2020 - 17:46:32.418Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
10/7/2020 - 17:46:32.512Open1480C:\malware.exeC:\Windows\Fonts\corbeli.ttf
10/7/2020 - 17:46:32.559Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
10/7/2020 - 17:46:32.559Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
10/7/2020 - 17:46:32.559Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
10/7/2020 - 17:46:32.653Open1480C:\malware.exeC:\Windows\Fonts\corbelb.ttf
10/7/2020 - 17:46:32.700Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
10/7/2020 - 17:46:32.700Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
10/7/2020 - 17:46:32.700Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
10/7/2020 - 17:46:32.793Open1480C:\malware.exeC:\Windows\Fonts\corbelz.ttf
10/7/2020 - 17:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
10/7/2020 - 17:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
10/7/2020 - 17:46:32.840Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
10/7/2020 - 17:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\framd.ttf
10/7/2020 - 17:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
10/7/2020 - 17:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
10/7/2020 - 17:46:32.934Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
10/7/2020 - 17:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\framdit.ttf
10/7/2020 - 17:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
10/7/2020 - 17:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
10/7/2020 - 17:46:33.28Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
10/7/2020 - 17:46:33.168Open1480C:\malware.exeC:\Windows\Fonts\Gabriola.ttf
10/7/2020 - 17:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
10/7/2020 - 17:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
10/7/2020 - 17:46:34.762Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
10/7/2020 - 17:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\georgia.ttf
10/7/2020 - 17:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
10/7/2020 - 17:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
10/7/2020 - 17:46:34.856Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
10/7/2020 - 17:46:34.965Open1480C:\malware.exeC:\Windows\Fonts\georgiai.ttf
10/7/2020 - 17:46:34.965Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
10/7/2020 - 17:46:34.965Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
10/7/2020 - 17:46:34.965Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
10/7/2020 - 17:46:35.59Open1480C:\malware.exeC:\Windows\Fonts\georgiab.ttf
10/7/2020 - 17:46:35.59Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
10/7/2020 - 17:46:35.59Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
10/7/2020 - 17:46:35.59Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
10/7/2020 - 17:46:35.153Open1480C:\malware.exeC:\Windows\Fonts\georgiaz.ttf
10/7/2020 - 17:46:35.153Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
10/7/2020 - 17:46:35.153Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
10/7/2020 - 17:46:35.153Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
10/7/2020 - 17:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\pala.ttf
10/7/2020 - 17:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
10/7/2020 - 17:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
10/7/2020 - 17:46:35.293Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\Fonts\palai.ttf
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
10/7/2020 - 17:46:35.434Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
10/7/2020 - 17:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\palab.ttf
10/7/2020 - 17:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
10/7/2020 - 17:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
10/7/2020 - 17:46:35.575Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
10/7/2020 - 17:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\palabi.ttf
10/7/2020 - 17:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
10/7/2020 - 17:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
10/7/2020 - 17:46:35.715Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
10/7/2020 - 17:46:35.809Open1480C:\malware.exeC:\Windows\Fonts\segoepr.ttf
10/7/2020 - 17:46:35.809Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
10/7/2020 - 17:46:35.809Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
10/7/2020 - 17:46:35.809Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
10/7/2020 - 17:46:35.903Open1480C:\malware.exeC:\Windows\Fonts\segoeprb.ttf
10/7/2020 - 17:46:35.903Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
10/7/2020 - 17:46:35.903Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
10/7/2020 - 17:46:35.903Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
10/7/2020 - 17:46:35.997Open1480C:\malware.exeC:\Windows\Fonts\trebuc.ttf
10/7/2020 - 17:46:35.997Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
10/7/2020 - 17:46:35.997Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
10/7/2020 - 17:46:35.997Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
10/7/2020 - 17:46:36.90Open1480C:\malware.exeC:\Windows\Fonts\trebucit.ttf
10/7/2020 - 17:46:36.90Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
10/7/2020 - 17:46:36.90Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
10/7/2020 - 17:46:36.90Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
10/7/2020 - 17:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\trebucbd.ttf
10/7/2020 - 17:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
10/7/2020 - 17:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
10/7/2020 - 17:46:36.184Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
10/7/2020 - 17:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\trebucbi.ttf
10/7/2020 - 17:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
10/7/2020 - 17:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
10/7/2020 - 17:46:36.278Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
10/7/2020 - 17:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\verdana.ttf
10/7/2020 - 17:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
10/7/2020 - 17:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
10/7/2020 - 17:46:36.418Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
10/7/2020 - 17:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\verdanai.ttf
10/7/2020 - 17:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
10/7/2020 - 17:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
10/7/2020 - 17:46:36.559Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
10/7/2020 - 17:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\verdanab.ttf
10/7/2020 - 17:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
10/7/2020 - 17:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
10/7/2020 - 17:46:36.700Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
10/7/2020 - 17:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\verdanaz.ttf
10/7/2020 - 17:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
10/7/2020 - 17:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
10/7/2020 - 17:46:36.840Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\webdings.ttf
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\coure.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\serife.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\sserife.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\smalle.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\smallf.fon
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
10/7/2020 - 17:46:36.934Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
10/7/2020 - 17:46:36.934Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:36.934Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
10/7/2020 - 17:46:36.934Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:36.981Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.28Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.75Open1480C:\malware.exeC:\Windows\Fonts\calibrili.ttf
10/7/2020 - 17:46:37.75Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.122Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.168Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.215Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.262Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.309Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.356Read1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.403Unknown1480C:\malware.exeC:\Windows\Fonts\calibrili.ttfcalibrili.ttf
10/7/2020 - 17:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
10/7/2020 - 17:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
10/7/2020 - 17:46:37.403Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
10/7/2020 - 17:46:37.543Open1480C:\malware.exeC:\Windows\Fonts\calibril.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:37.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:37.918Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:37.918Read1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:37.918Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:46:37.918Open1480C:\malware.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:46:38.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:46:38.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:46:38.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:46:38.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:38.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.434Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:46:39.434Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:46:39.575Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 17:46:39.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:39.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.184Open1480C:\malware.exeC:\malware.config
10/7/2020 - 17:46:40.184Open1480C:\malware.exeC:\pt-BR\dsEAa.resources.dll
10/7/2020 - 17:46:40.184Open1480C:\malware.exeC:\pt-BR\dsEAa.resources\dsEAa.resources.dll
10/7/2020 - 17:46:40.184Open1480C:\malware.exeC:\pt-BR\dsEAa.resources.exe
10/7/2020 - 17:46:40.184Open1480C:\malware.exeC:\pt-BR\dsEAa.resources\dsEAa.resources.exe
10/7/2020 - 17:46:40.231Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:40.231Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:40.418Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:40.418Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:46:40.418Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\pt\dsEAa.resources.dll
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\pt\dsEAa.resources\dsEAa.resources.dll
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\pt\dsEAa.resources.exe
10/7/2020 - 17:46:40.418Open1480C:\malware.exeC:\pt\dsEAa.resources\dsEAa.resources.exe
10/7/2020 - 17:46:40.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:46:40.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:13.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:13.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.903Open1480C:\malware.exeC:\WindowsCodecs.dll
10/7/2020 - 17:47:13.903Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:47:13.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 17:47:13.903Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:47:13.903Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 17:47:13.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:13.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:14.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:14.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:14.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:14.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:15.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:15.528Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:15.528Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:15.668Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:15.668Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:15.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:15.715Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:15.715Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:15.762Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:15.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:15.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:15.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:15.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:15.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:16.90Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:16.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:16.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:16.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:16.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.278Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.325Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 17:47:16.325Open1480C:\malware.exeC:\VERSION.dll
10/7/2020 - 17:47:16.325Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:47:16.325Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:47:16.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:16.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.372Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:16.372Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.372Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:16.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:16.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:17.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:17.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:17.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:17.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:18.903Open1480C:\malware.exeC:\pt-BR\Lazarus.resources.dll
10/7/2020 - 17:47:18.903Open1480C:\malware.exeC:\pt-BR\Lazarus.resources\Lazarus.resources.dll
10/7/2020 - 17:47:18.903Open1480C:\malware.exeC:\pt-BR\Lazarus.resources.exe
10/7/2020 - 17:47:18.903Open1480C:\malware.exeC:\pt-BR\Lazarus.resources\Lazarus.resources.exe
10/7/2020 - 17:47:18.903Open1480C:\malware.exeC:\pt\Lazarus.resources.dll
10/7/2020 - 17:47:18.903Open1480C:\malware.exeC:\pt\Lazarus.resources\Lazarus.resources.dll
10/7/2020 - 17:47:18.903Open1480C:\malware.exeC:\pt\Lazarus.resources.exe
10/7/2020 - 17:47:18.903Open1480C:\malware.exeC:\pt\Lazarus.resources\Lazarus.resources.exe
10/7/2020 - 17:47:18.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:18.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:18.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:19.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:19.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:19.887Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:19.887Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:19.887Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:19.887Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
10/7/2020 - 17:47:19.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:19.981Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:19.981Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
10/7/2020 - 17:47:20.28Read1496C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
10/7/2020 - 17:47:20.28Open1496C:\malware.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Windows\assembly
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Windows\assembly
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Windows\assembly
10/7/2020 - 17:47:20.28Open1496C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:20.28Unknown1496C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:20.28Read1496C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:20.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:20.28Open876C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
10/7/2020 - 17:47:20.28Read876C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
10/7/2020 - 17:47:20.28Open876C:\malware.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:20.28Open876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.28Open876C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Monitor\Malware
10/7/2020 - 17:47:20.28Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.28Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.28Open876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:20.28Open876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:20.28Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 17:47:20.28Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\Favorites
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Windows\assembly
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Windows\assembly
10/7/2020 - 17:47:20.43Unknown876C:\malware.exeC:\Windows\assembly
10/7/2020 - 17:47:20.43Open876C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:20.106Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:20.106Unknown1496C:\malware.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32\apisetschema.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:20.106Unknown876C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:20.106Open876C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[2].XML
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[5].XML
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:20.106Open1496C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[5].XML
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:20.122Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:20.122Read876C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:20.122Unknown876C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:20.137Unknown876C:\malware.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.137Unknown876C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\MSVCP60.dll
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\SysWOW64\msvcp60.dll
10/7/2020 - 17:47:20.122Unknown1496C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:20.137Open876C:\malware.exeC:\Windows\SysWOW64\msvcp60.dll
10/7/2020 - 17:47:20.137Unknown1496C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:20.137Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:20.137Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:20.137Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:20.137Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:20.137Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:20.137Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\WINMM.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\winmm.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\winmm.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\version.DLL
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:20.153Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.153Open876C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.137Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Globalization
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\System32
10/7/2020 - 17:47:20.153Open1496C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.153Unknown1496C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\apisetschema.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[2].XML
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.dat
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[5].XML
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:20.168Read1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[5].XML
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/7/2020 - 17:47:20.168Open1496C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\2JDK0WTG.TXT
10/7/2020 - 17:47:20.168Read1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:20.168Unknown1496C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\System32\mctres.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504\container.datcontainer.dat
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
10/7/2020 - 17:47:20.184Unknown1496C:\malware.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\CRYPTSP.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.184Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:20.200Open1480C:\malware.exeC:\RpcRtRemote.dll
10/7/2020 - 17:47:20.200Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 17:47:20.200Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 17:47:20.200Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 17:47:20.200Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 17:47:20.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:20.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:20.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:20.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1116046
10/7/2020 - 17:47:20.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1116046
10/7/2020 - 17:47:20.200Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1116046
10/7/2020 - 17:47:20.278Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:20.278Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:20.372Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.372Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.372Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:20.372Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:20.372Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.434Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.434Read876C:\malware.exeC:\malware.exe
10/7/2020 - 17:47:20.434Write876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:20.434Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:20.668Write876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:20.715Open876C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:20.715Unknown876C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:20.715Open876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.715Unknown876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:20.715Open876C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:47:20.715Open876C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:47:20.715Open876C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:20.715Open876C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:20.762Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\PROPSYS.dll
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\malware.exe.Local
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:47:20.762Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\WindowsShell.Manifest
10/7/2020 - 17:47:20.762Unknown876C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
10/7/2020 - 17:47:20.762Read876C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 17:47:20.762Open876C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Windows\System32\propsys.dll
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Windows\System32\propsys.dll
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.778Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Users\desktop.ini
10/7/2020 - 17:47:20.778Read876C:\malware.exeC:\Users\desktop.ini
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.778Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.778Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
10/7/2020 - 17:47:20.778Read876C:\malware.exeC:\Users\Behemot\Searches\desktop.ini
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.778Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.778Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.778Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.778Open876C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
10/7/2020 - 17:47:20.778Read876C:\malware.exeC:\Users\Behemot\Videos\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
10/7/2020 - 17:47:20.793Read876C:\malware.exeC:\Users\Behemot\Pictures\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
10/7/2020 - 17:47:20.793Read876C:\malware.exeC:\Users\Behemot\Contacts\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
10/7/2020 - 17:47:20.793Read876C:\malware.exeC:\Users\Behemot\Favorites\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot\Music\desktop.ini
10/7/2020 - 17:47:20.793Read876C:\malware.exeC:\Users\Behemot\Music\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
10/7/2020 - 17:47:20.793Read876C:\malware.exeC:\Users\Behemot\Downloads\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
10/7/2020 - 17:47:20.793Read876C:\malware.exeC:\Users\Behemot\Documents\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot\Links\desktop.ini
10/7/2020 - 17:47:20.793Read876C:\malware.exeC:\Users\Behemot\Links\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
10/7/2020 - 17:47:20.793Read876C:\malware.exeC:\Users\Behemot\Saved Games\desktop.ini
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\apphelp.dll
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:20.793Open876C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.793Unknown876C:\malware.exeC:\Windows
10/7/2020 - 17:47:20.872Open876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.872Unknown876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.872Open876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.872Unknown876C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:20.872Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:20.872Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.59Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.59Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.59Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.59Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.59Read876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.59Read876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.59Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.75Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.75Open876C:\malware.exeC:\Windows\SysWOW64\shdocvw.dll
10/7/2020 - 17:47:21.75Open876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:21.75Open876C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:21.75Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:21.75Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:21.75Open876C:\malware.exeC:\
10/7/2020 - 17:47:21.75Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:21.75Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:21.75Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Secur32.dll
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Windows\SysWOW64\secur32.dll
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Windows\SysWOW64\secur32.dll
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:21.153Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:21.153Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.168Open876C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
10/7/2020 - 17:47:21.168Open876C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
10/7/2020 - 17:47:21.168Unknown876C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
10/7/2020 - 17:47:21.168Open876C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
10/7/2020 - 17:47:21.168Unknown876C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat:Zone.Identifier
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Write876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Read876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Open876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.215Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.278Unknown876C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.278Open876C:\malware.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.278Open876C:\malware.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.278Open876C:\malware.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.278Open876C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:21.293Open876C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:21.293Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
10/7/2020 - 17:47:21.293Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
10/7/2020 - 17:47:21.293Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\Prefetch\CMD.EXE-AC113AA8.pfCMD.EXE-AC113AA8.pf
10/7/2020 - 17:47:21.293Unknown876C:\malware.exeC:\Windows
10/7/2020 - 17:47:21.293Unknown876C:\malware.exeC:\Monitor
10/7/2020 - 17:47:21.293Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:21.293Unknown876C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.309Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.309Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\BOOTSECT.EXE
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp
10/7/2020 - 17:47:21.325Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\Temp\TMP000000032EDF9B37C5E17B29
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.325Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:21.325Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:21.340Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:21.340Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\winbrand.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.606Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.606Unknown308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:21.606Unknown308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.606Unknown308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor\"C:\Users\Behemot\AppData\Local\Temp\install.bat"
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.606Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.606Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.606Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.606Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.606Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.622Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.622Read308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:21.622Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.622Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\PING.EXE
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\PING.EXE
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:21.637Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\PING.EXE
10/7/2020 - 17:47:21.637Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\PING.EXE
10/7/2020 - 17:47:21.637Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\PING.EXE
10/7/2020 - 17:47:21.653Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\ui\SwDRM.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\Prefetch\PING.EXE-371F41E2.pf
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\System32\wow64log.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows
10/7/2020 - 17:47:21.700Unknown2940C:\Windows\SysWOW64\PING.EXEC:\Windows
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Monitor
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\IPHLPAPI.DLL
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\IPHLPAPI.DLL
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\winnsi.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\winnsi.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:21.700Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\pt-BR\ping.exe.mui
10/7/2020 - 17:47:21.715Read2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\pt-BR\ping.exe.muiping.exe.mui
10/7/2020 - 17:47:21.715Read2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\PING.EXE
10/7/2020 - 17:47:21.715Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:21.715Unknown2940C:\Windows\SysWOW64\PING.EXEC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:22.168Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\mswsock.dll
10/7/2020 - 17:47:22.168Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\mswsock.dll
10/7/2020 - 17:47:22.168Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\WSHTCPIP.DLL
10/7/2020 - 17:47:22.168Open2940C:\Windows\SysWOW64\PING.EXEC:\Windows\SysWOW64\WSHTCPIP.DLL
10/7/2020 - 17:47:23.575Unknown2940C:\Windows\SysWOW64\PING.EXEC:\Windows
10/7/2020 - 17:47:23.575Unknown2940C:\Windows\SysWOW64\PING.EXEC:\Monitor
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.622Read308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.622Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.622Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.622Read308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.622Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\ui\SwDRM.dll
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Read308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\Monitor\Files\DeletedFiles
10/7/2020 - 17:47:23.637Delete308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 17:47:23.637Open308C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Local\Temp\install.bat
10/7/2020 - 17:47:23.637Read308C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Windows
10/7/2020 - 17:47:23.637Unknown308C:\Windows\SysWOW64\cmd.exeC:\Monitor
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Prefetch\CHROME.EXE-02A57524.pf
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:23.653Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Monitor
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:23.653Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/7/2020 - 17:47:23.653Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe.config
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.684Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.684Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:23.684Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:23.684Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:23.684Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe.Local
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:23.700Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.700Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.700Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.700Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.700Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe.config
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:23.700Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:23.700Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.715Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:23.715Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.config
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe.Local
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\pubpol4.dat
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:23.825Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.825Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.825Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.825Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.825Read2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:23.825Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:23.825Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:23.840Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:23.840Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:23.840Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:23.840Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:23.840Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:23.840Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:23.840Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:23.840Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:23.840Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:23.840Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:23.840Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:23.840Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
10/7/2020 - 17:47:23.840Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
10/7/2020 - 17:47:23.840Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:47:23.840Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 17:47:23.856Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
10/7/2020 - 17:47:23.856Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe.Local
10/7/2020 - 17:47:23.856Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:23.856Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:23.856Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:23.856Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:23.856Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\ahronbd.ttf
10/7/2020 - 17:47:23.903Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.903Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.config
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\dsEAa.resources.dll
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\dsEAa.resources\dsEAa.resources.dll
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\dsEAa.resources.exe
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\dsEAa.resources\dsEAa.resources.exe
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe.Local
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.918Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.918Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.934Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:23.934Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:47:23.934Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:47:23.934Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\pt.nlp
10/7/2020 - 17:47:23.934Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\dsEAa.resources.dll
10/7/2020 - 17:47:23.934Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\dsEAa.resources\dsEAa.resources.dll
10/7/2020 - 17:47:23.934Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\dsEAa.resources.exe
10/7/2020 - 17:47:23.934Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\dsEAa.resources\dsEAa.resources.exe
10/7/2020 - 17:47:56.950Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\WindowsCodecs.dll
10/7/2020 - 17:47:56.950Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:47:56.950Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 17:47:56.950Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\WindowsCodecs.dll
10/7/2020 - 17:47:56.950Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:57.75Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:57.75Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\VERSION.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 17:47:57.75Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:57.168Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\Lazarus.resources.dll
10/7/2020 - 17:47:57.168Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\Lazarus.resources\Lazarus.resources.dll
10/7/2020 - 17:47:57.168Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\Lazarus.resources.exe
10/7/2020 - 17:47:57.168Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt-BR\Lazarus.resources\Lazarus.resources.exe
10/7/2020 - 17:47:57.168Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\Lazarus.resources.dll
10/7/2020 - 17:47:57.168Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\Lazarus.resources\Lazarus.resources.dll
10/7/2020 - 17:47:57.168Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\Lazarus.resources.exe
10/7/2020 - 17:47:57.168Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\pt\Lazarus.resources\Lazarus.resources.exe
10/7/2020 - 17:47:57.231Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:57.247Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:57.247Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 17:47:57.247Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Prefetch\CHROME.EXE-02A57524.pf
10/7/2020 - 17:47:57.293Read1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Prefetch\CHROME.EXE-02A57524.pfCHROME.EXE-02A57524.pf
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:57.293Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL
10/7/2020 - 17:47:57.293Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL
10/7/2020 - 17:47:57.293Read1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL
10/7/2020 - 17:47:57.340Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2140.1215234
10/7/2020 - 17:47:57.340Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2140.1215234
10/7/2020 - 17:47:57.340Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2140.1215250
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:57.340Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:57.340Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\apisetschema.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\KernelBase.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\cryptbase.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DAT
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:57.356Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:47:57.356Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:47:57.418Read1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
10/7/2020 - 17:47:57.418Read1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:57.418Read1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\locale.nls
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Local\GDIPFONTCACHEV1.DATGDIPFONTCACHEV1.DAT
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\tahoma.ttf
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msjh.ttf
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\msyh.ttf
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\malgun.ttf
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\micross.ttf
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Fonts\segoeui.ttf
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\ntdll.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\kernel32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\kernel32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\user32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\ntdll.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\mscoree.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\advapi32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\msvcrt.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rpcrt4.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sspicli.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\shlwapi.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\gdi32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\user32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\lpk.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\usp10.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\msctf.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\ole32.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\profapi.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 17:47:57.418Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exe\Device\HarddiskVolume2
10/7/2020 - 17:47:57.418Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:57.418Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:57.418Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64.dll
10/7/2020 - 17:47:57.418Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:57.418Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 17:47:57.418Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:57.434Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 17:47:57.434Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 17:47:57.434Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:57.434Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Monitor
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\MSVCP60.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\msvcp60.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\msvcp60.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\WINMM.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\winmm.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\winmm.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\version.DLL
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\chrome.exe.Local
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:57.450Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:57.450Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:57.450Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.450Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\CRYPTSP.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\cryptsp.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rsaenh.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\RpcRtRemote.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 17:47:57.465Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 17:47:57.465Open2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\RpcRtRemote.dll
10/7/2020 - 17:47:57.465Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting\SortDefault.nls
10/7/2020 - 17:47:57.481Unknown1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\mswsock.dll
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\mswsock.dll
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\nlaapi.dll
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\nlaapi.dll
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\NapiNSP.dll
10/7/2020 - 17:47:57.481Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\NapiNSP.dll
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\pnrpnsp.dll
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\pnrpnsp.dll
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\DNSAPI.dll
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\dnsapi.dll
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\dnsapi.dll
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\winrnr.dll
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\winrnr.dll
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
10/7/2020 - 17:47:57.543Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
10/7/2020 - 17:47:57.606Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\rasadhlp.dll
10/7/2020 - 17:47:57.606Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rasadhlp.dll
10/7/2020 - 17:47:57.606Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\rasadhlp.dll
10/7/2020 - 17:47:57.653Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows
10/7/2020 - 17:47:57.653Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Monitor
10/7/2020 - 17:47:57.653Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:57.653Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 17:47:57.653Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 17:47:57.653Unknown2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 17:47:59.387Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\IPHLPAPI.DLL
10/7/2020 - 17:47:59.387Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
10/7/2020 - 17:47:59.387Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
10/7/2020 - 17:47:59.387Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\WINNSI.DLL
10/7/2020 - 17:47:59.387Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\winnsi.dll
10/7/2020 - 17:47:59.387Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Windows\SysWOW64\winnsi.dll
10/7/2020 - 17:48:7.606Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
10/7/2020 - 17:48:7.606Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
10/7/2020 - 17:48:7.606Open1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
10/7/2020 - 17:48:7.606Write1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat

Process
Trace
10/7/2020 - 17:47:19.887Create1480C:\malware.exe1496C:\malware.exe
10/7/2020 - 17:47:19.981Create1480C:\malware.exe876C:\malware.exe
10/7/2020 - 17:47:20.200Terminate1480C:\malware.exe1496C:\malware.exe
10/7/2020 - 17:47:21.278Create876C:\malware.exe308C:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:21.293Terminate1480C:\malware.exe876C:\malware.exe
10/7/2020 - 17:47:21.637Create308C:\Windows\SysWOW64\cmd.exe2940C:\Windows\SysWOW64\PING.EXE
10/7/2020 - 17:47:23.575Terminate308C:\Windows\SysWOW64\cmd.exe2940C:\Windows\SysWOW64\PING.EXE
10/7/2020 - 17:47:23.622Create308C:\Windows\SysWOW64\cmd.exe2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:23.637Terminate876C:\malware.exe308C:\Windows\SysWOW64\cmd.exe
10/7/2020 - 17:47:57.231Create2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exe1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exe
10/7/2020 - 17:47:57.653Terminate308C:\Windows\SysWOW64\cmd.exe2140C:\Users\Behemot\AppData\Roaming\remcos\chrome.exe

Analysis
Reason
Timeout

Status
Sucessfully Executed

Results
1

Registry
Trace
10/7/2020 - 17:45:53.106Write1480C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
10/7/2020 - 17:47:20.434Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runchrome
10/7/2020 - 17:47:21.153Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
10/7/2020 - 17:47:21.153Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
10/7/2020 - 17:47:21.153Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
10/7/2020 - 17:47:21.153Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
10/7/2020 - 17:47:21.153Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapProxyBypass
10/7/2020 - 17:47:21.153Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapIntranetName
10/7/2020 - 17:47:21.153Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapUNCAsIntranet
10/7/2020 - 17:47:21.153Write876C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapAutoDetect
10/7/2020 - 17:47:57.481Write1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runchrome
10/7/2020 - 17:47:57.481Write1664C:\Users\Behemot\AppData\Roaming\remcos\chrome.exeHKCU\Software\remcos_nzxbctlujszrndvEXEpath

File Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: False cancel

Browsers
Identified: False cancel

Internet
Identified: True check_circle

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:DNS code gozman11.duckdns.org.
computer localhost arrow_forward computer gateway:50273 code gozman11.duckdns.org.

Response
computer gateway:DNS arrow_forward computer localhost code gozman11.duckdns.org. reply_all 194.5.97.18


TCP
Info
computer localhost:65197 arrow_forward 194.5.97.18:6642
computer localhost:65211 arrow_forward 194.5.97.18:6642
computer localhost:65201 arrow_forward 194.5.97.18:6642
computer localhost:65221 arrow_forward 194.5.97.18:6642
computer localhost:65206 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65217
computer localhost:65193 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65197
194.5.97.18:6642 arrow_forward computer localhost:65215
computer localhost:65192 arrow_forward 194.5.97.18:6642
computer localhost:65191 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65209
computer localhost:65216 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65206
computer localhost:65219 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65203
computer localhost:65200 arrow_forward 194.5.97.18:6642
computer localhost:65209 arrow_forward 194.5.97.18:6642
computer localhost:65217 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65199
194.5.97.18:6642 arrow_forward computer localhost:65213
computer localhost:65195 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65196
194.5.97.18:6642 arrow_forward computer localhost:65193
194.5.97.18:6642 arrow_forward computer localhost:65220
194.5.97.18:6642 arrow_forward computer localhost:65208
194.5.97.18:6642 arrow_forward computer localhost:65205
computer localhost:65220 arrow_forward 194.5.97.18:6642
computer localhost:65194 arrow_forward 194.5.97.18:6642
computer localhost:65214 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65202
194.5.97.18:6642 arrow_forward computer localhost:65219
computer localhost:65203 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65198
194.5.97.18:6642 arrow_forward computer localhost:65214
194.5.97.18:6642 arrow_forward computer localhost:65195
computer localhost:65202 arrow_forward 194.5.97.18:6642
computer localhost:65212 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65192
computer localhost:65215 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65204
194.5.97.18:6642 arrow_forward computer localhost:65221
194.5.97.18:6642 arrow_forward computer localhost:65201
194.5.97.18:6642 arrow_forward computer localhost:65212
194.5.97.18:6642 arrow_forward computer localhost:65218
computer localhost:65218 arrow_forward 194.5.97.18:6642
computer localhost:65196 arrow_forward 194.5.97.18:6642
computer localhost:65205 arrow_forward 194.5.97.18:6642
computer localhost:65208 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65194
194.5.97.18:6642 arrow_forward computer localhost:65210
194.5.97.18:6642 arrow_forward computer localhost:65191
computer localhost:65213 arrow_forward 194.5.97.18:6642
computer localhost:65204 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65200
computer localhost:65207 arrow_forward 194.5.97.18:6642
computer localhost:65199 arrow_forward 194.5.97.18:6642
computer localhost:65198 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65216
194.5.97.18:6642 arrow_forward computer localhost:65211
computer localhost:65210 arrow_forward 194.5.97.18:6642
194.5.97.18:6642 arrow_forward computer localhost:65207

UDP
Info
computer localhost:53 arrow_forward computer localhost:55394
computer localhost:55394 arrow_forward computer localhost:53
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
False cancel

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True check_circle

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 69.85%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 72.31%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 58.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 56.06%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.30%
suspicious: True check_circle

Add to Collection
Download