Report #10896

  • Creation Date: July 10, 2020, 11:54 p.m.
  • Last Update: July 10, 2020, 11:58 p.m.
  • File: signed SC.exe
  • Results:
Binary
DLL
False
Size
426.00KB
trid
55.8% Generic CIL Executable
21.0% Win64 Executable
9.9% Windows screen saver
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
0488328507de4c8522e4121503c44c43
sha1
659ce531b94442d1ab39574001cecb038ffc170f
crc32
0x8e6adca8
sha224
40772409446746363d2e85e5c6f3b94dbf1617249688ad9912dedebc
sha256
8e5c41390f995c72ea749d6f141ec790ab5a61e843355592c2956ee01d8bb005
sha384
f077751e4368246857f96492cce4b77a0d9e9fae458b84bd1b2fd34345f3a1e1a71adaf9f073c5ba7dc429dc04d67e77
sha512
d0b627601635fb4e4f1cad65244381a353dbb8d3acf01975f1ddedf02d1b41304c1ef82468b962c6ff8298f1f538803d3bfcd532a3e29a65d1e218a5746e3ab5
ssdeep
12288:vZ1u1+4I/utb6RdQe5psTM/Eu0McKDqFs:O1LI/CmRje4syvB
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, HasDebugData, url, IP, NETDLLMicrosoft, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True

Strings
List
test@testuri.com
C:\Users\Administrator\Desktop\Client\Temp\fmiYwKyFkS\src\obj\x86\Debug\tgumuQrVEVXOIkWiQmE.pdb
http://test.1g.io:3000
valid@testuri.com
R.hM
invalid @email.com
System.IO
System.IO
PTestGameVars.Save
System.Net
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
OneGame.Properties
OneGame.Properties
OneGame.Properties
PTestAchievements.Save
PTestAchievements.Stream
System.Security.Cryptography
System.Security.Cryptography
OneGame.Properties.Resources.resources
9.tyh
Score.dat
Questions.dat
16.0.0.0
4.0.2.0
4.0.2.0
4.0.2.0
4.0.2.0
PTestAchievements.Save#4
PTestAchievements.Save#2
PTestAchievements.Save#1
PTestAchievements.Save#3
Playtomic Xamarin / Mono.NET / C# tests
R1?ci
e:wmF
ODh,E
NeM&o
OneGame.Properties.Resources
Ok! I got it.
get_votes
get_awarded
get_playerid
set_awarded
set_playerid
get_player
set_player
timer_Tick
a%E2t
Nothing went wrong!
o%u~A
Cs&f%a
R%i?#_
r%3ASc
Mini Game with C#
response
3System.Resources.Tools.StronglyTypedResourceBuilder
D%i(MIHK
Your answer was wrong
Your answer was wrong
TOKEN_COMMA
player
this is the level data
Player has already rated that level
votes
awarded
received
MulticastDelegate
builder
expected
finished
get_submitted
set_submitted
Invalid game credentials. Make sure you use the right public and private keys
System.Windows.Forms
UlFm%nL
Software Update.dll
Software Update.dll
0123456789+-.eE
Software Update2.dll
TOKEN_FALSE
TOKEN_SQUARED_OPEN
TOKEN_CURLY_OPEN
TOKEN_CURLY_CLOSE
TOKEN_NULL
submitted
TOKEN_STRING
TOKEN_NUMBER
TOKEN_COLON
TOKEN_NONE
TOKEN_TRUE
tgumuQrVEVXOIkWiQmE.exe
tgumuQrVEVXOIkWiQmE.exe
tgumuQrVEVXOIkWiQmE.exe
%af mi
General error, this typically means the player is unable to connect to the server
mscoree.dll
mscoree.dll
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADi
set_friends
get_friends

Foremost
Matches
0.exe, 426 KB, 111.png, 323 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: True
Suspicious: http://test.1g.io:3000
hasAllowed: False
hasSuspicious: True

Files
Allowed: Software Update.dll, mscoree.dll, Software Update2.dll
hasFiles: True
Suspicious: Score.dat, Questions.dat
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2560
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 440994
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious: software update.dll, software update2.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2020-06-15 05:16:36
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches
388369
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 213

pushpopmath
.text: 173

ss register
.text: 4

garbagebytes
.text: 56

hookdetection
.text: 4

software breakpoint
.text: 6

fakeconditionaljumps
.text: 7

programcontrolflowchange
.text: 51

cpuinstructionsresultscomparison
.rsrc: 1
.text: 14

AVclass
randet
1
VirusTotal
md5
0488328507de4c8522e4121503c44c43
sha1
659ce531b94442d1ab39574001cecb038ffc170f
SCANS (DETECTION RATE = 52.05%)
AVG
result: FileRepMalware
update: 20200616
version: 18.4.3895.0
detected: True

CMC
update: 20200616
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=86)
update: 20200616
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200616
version: 6.37
detected: True

Bkav
update: 20200616
version: 1.3.0.9899
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20200615
version: 11.116.34413
detected: True

ALYac
update: 20200616
version: 1.1.1.5
detected: False

Avast
result: FileRepMalware
update: 20200616
version: 18.4.3895.0
detected: True

Avira
result: TR/AD.AgentTesla.ypavt
update: 20200616
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
update: 20200616
version: 4.0.0.24
detected: False

Cyren
result: W32/MSIL_Agent.BKB.gen!Eldorado
update: 20200616
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.DownLoader33.54687
update: 20200616
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKD.43343388
update: 20200616
version: A:25.25936B:27.19110
detected: True

Panda
result: Trj/GdSda.A
update: 20200615
version: 4.6.4.2
detected: True

VBA32
update: 20200615
version: 4.4.1
detected: False

VIPRE
update: 20200616
version: 84506
detected: False

Zoner
update: 20200615
version: 0.0.0.0
detected: False

ClamAV
update: 20200615
version: 0.102.3.0
detected: False

Comodo
update: 20200616
version: 32540
detected: False

F-Prot
update: 20200616
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Inject
update: 20200615
version: 0.1.5.2
detected: True

McAfee
result: Artemis!0488328507DE
update: 20200616
version: 6.0.6.653
detected: True

Rising
result: Trojan.Randet!8.10258 (CLOUD)
update: 20200616
version: 25.0.0.25
detected: True

Sophos
result: Troj/Steal-WV
update: 20200616
version: 4.98.0
detected: True

Yandex
update: 20200615
version: 5.5.2.24
detected: False

Zillya
update: 20200615
version: 2.0.0.4110
detected: False

Acronis
update: 20200603
version: 1.1.1.76
detected: False

Alibaba
update: 20190527
version: 0.3.0.5
detected: False

Arcabit
result: Trojan.Generic.D29561B6
update: 20200616
version: 1.0.0.875
detected: True

Cylance
result: Unsafe
update: 20200616
version: 2.3.1.101
detected: True

Endgame
update: 20200608
version: 4.0.5
detected: False

FireEye
result: Trojan.GenericKD.43343388
update: 20200616
version: 32.31.0.0
detected: True

Sangfor
update: 20200423
version: 1.0
detected: False

TACHYON
update: 20200616
version: 2020-06-16.01
detected: False

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200616
version: 1.0.0.1
detected: True

ViRobot
update: 20200615
version: 2014.3.20.0
detected: False

Webroot
update: 20200616
version: 1.0.0.403
detected: False

eGambit
result: Unsafe.AI_Score_99%
update: 20200616
detected: True

Ad-Aware
result: Trojan.GenericKD.43343388
update: 20200616
version: 3.0.5.370
detected: True

AegisLab
update: 20200616
version: 4.2
detected: False

Emsisoft
result: Trojan.GenericKD.43343388 (B)
update: 20200616
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/AD.AgentTesla.ypavt
update: 20200615
version: 12.0.86.52
detected: True

Fortinet
result: Malicious_Behavior.SB
update: 20200616
version: 6.2.142.0
detected: True

Invincea
update: 20200502
version: 6.3.6.26157
detected: False

Jiangmin
update: 20200615
version: 16.0.100
detected: False

Kingsoft
update: 20200616
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200616
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20200615
version: 1.11.0.0
detected: True

Trapmine
update: 20200505
version: 3.2.25.947
detected: False

AhnLab-V3
update: 20200615
version: 3.18.0.10004
detected: False

Antiy-AVL
update: 20200616
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Trojan.MSIL.Injuke.gen
update: 20200616
version: 15.0.1.13
detected: True

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200615
version: 1.0.0.1
detected: True

Microsoft
result: Trojan:Win32/Randet.A!plock
update: 20200616
version: 1.1.17100.2
detected: True

Qihoo-360
result: Generic/Trojan.903
update: 20200616
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan.MSIL.Injuke.gen
update: 20200616
version: 1.0
detected: True

Cybereason
update: 20190616
version: 1.2.449
detected: False

ESET-NOD32
result: a variant of MSIL/Kryptik.WIO
update: 20200616
version: 21499
detected: True

TrendMicro
update: 20200616
version: 11.0.0.1006
detected: False

BitDefender
result: Trojan.GenericKD.43343388
update: 20200616
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_70% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20200615
version: 11.116.34412
detected: True

SentinelOne
result: DFI - Malicious PE
update: 20200601
version: 4.3.0.105
detected: True

Avast-Mobile
update: 20200615
version: 200615-00
detected: False

Malwarebytes
result: Trojan.Crypt.MSIL
update: 20200616
version: 3.6.4.335
detected: True

CAT-QuickHeal
update: 20200615
version: 14.00
detected: False

NANO-Antivirus
update: 20200616
version: 1.0.134.25119
detected: False

BitDefenderTheta
update: 20200609
version: 7.2.37796.0
detected: False

MicroWorld-eScan
result: Trojan.GenericKD.43343388
update: 20200616
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200612
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Artemis!Trojan
update: 20200615
version: v2017.3010
detected: True

TrendMicro-HouseCall
update: 20200616
version: 10.0.0.1040
detected: False

total
73
sha256
8e5c41390f995c72ea749d6f141ec790ab5a61e843355592c2956ee01d8bb005
scan_id
8e5c41390f995c72ea749d6f141ec790ab5a61e843355592c2956ee01d8bb005-1592278781
resource
0488328507de4c8522e4121503c44c43
positives
38
scan_date
2020-06-16 03:39:41
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:44.918Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
10/7/2020 - 22:45:44.918Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
10/7/2020 - 22:45:44.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 22:45:44.934Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:45:44.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:45:44.934Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:45:44.934Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:45:44.934Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:45:44.934Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:45:44.934Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.934Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:45:44.934Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:45:44.934Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:44.981Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.75Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:45:45.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:45:45.122Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.122Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:45:45.122Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.122Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.168Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 22:45:45.168Open1480C:\malware.exeC:\VERSION.dll
10/7/2020 - 22:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 22:45:45.168Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 22:45:45.168Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:45:45.168Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.168Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:45:45.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:45.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:45.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:45.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:45.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:45.590Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:45:45.590Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 22:45:45.731Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 22:45:45.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:45.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:45.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.200Open1480C:\malware.exeC:\malware.config
10/7/2020 - 22:45:46.200Open1480C:\malware.exeC:\pt-BR\tgumuQrVEVXOIkWiQmE.resources.dll
10/7/2020 - 22:45:46.200Open1480C:\malware.exeC:\pt-BR\tgumuQrVEVXOIkWiQmE.resources\tgumuQrVEVXOIkWiQmE.resources.dll
10/7/2020 - 22:45:46.200Open1480C:\malware.exeC:\pt-BR\tgumuQrVEVXOIkWiQmE.resources.exe
10/7/2020 - 22:45:46.200Open1480C:\malware.exeC:\pt-BR\tgumuQrVEVXOIkWiQmE.resources\tgumuQrVEVXOIkWiQmE.resources.exe
10/7/2020 - 22:45:46.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:45:46.247Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:45:46.434Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:45:46.434Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:45:46.434Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\pt\tgumuQrVEVXOIkWiQmE.resources.dll
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\pt\tgumuQrVEVXOIkWiQmE.resources\tgumuQrVEVXOIkWiQmE.resources.dll
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\pt\tgumuQrVEVXOIkWiQmE.resources.exe
10/7/2020 - 22:45:46.434Open1480C:\malware.exeC:\pt\tgumuQrVEVXOIkWiQmE.resources\tgumuQrVEVXOIkWiQmE.resources.exe
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:46.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.168Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:47.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:47.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:47.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.731Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:45:47.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:45:48.12Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 22:45:48.153Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.153Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 22:45:48.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:37.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:37.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:37.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:37.231Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
10/7/2020 - 22:46:37.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:37.278Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:37.278Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:37.372Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:37.372Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:37.465Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.465Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:37.465Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.559Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.653Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.700Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:37.700Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/7/2020 - 22:46:37.700Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:37.700Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:37.700Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.700Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/7/2020 - 22:46:37.700Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.700Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.700Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:46:37.793Open1480C:\malware.exeC:\shfolder.dll
10/7/2020 - 22:46:37.793Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 22:46:37.793Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
10/7/2020 - 22:46:38.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exe
10/7/2020 - 22:46:38.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.497Open1480C:\malware.exeC:\ntmarta.dll
10/7/2020 - 22:46:38.497Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
10/7/2020 - 22:46:38.497Open1480C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
10/7/2020 - 22:46:38.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exe
10/7/2020 - 22:46:38.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exe
10/7/2020 - 22:46:38.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.590Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:38.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.684Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.684Unknown1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.684Open1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exe
10/7/2020 - 22:46:38.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.684Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exe
10/7/2020 - 22:46:38.684Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.684Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.684Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.684Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.684Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.731Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.731Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.731Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.731Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.731Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.731Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.731Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.731Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.731Read1480C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:38.731Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exe
10/7/2020 - 22:46:38.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.778Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:38.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:38.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:39.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:39.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:39.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exe
10/7/2020 - 22:46:39.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:39.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:39.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\ndahGZEzQcsk.exendahGZEzQcsk.exe
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 22:46:39.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
10/7/2020 - 22:46:39.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpDD0F.tmp
10/7/2020 - 22:46:39.168Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpDD0F.tmp
10/7/2020 - 22:46:39.168Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpDD0F.tmp
10/7/2020 - 22:46:39.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmpDD0F.tmp
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Monitor
10/7/2020 - 22:46:39.356Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\PROPSYS.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\shell32.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 22:46:39.356Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\WindowsShell.Manifest
10/7/2020 - 22:46:39.356Unknown1480C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\apphelp.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.356Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\
10/7/2020 - 22:46:39.356Unknown1480C:\malware.exeC:\
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.356Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.356Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.356Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.356Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Read1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.372Unknown1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 22:46:39.434Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 22:46:39.434Unknown1480C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 22:46:39.434Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Monitor\schtasks.exe
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\
10/7/2020 - 22:46:39.434Unknown1480C:\malware.exeC:\
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.434Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.434Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
10/7/2020 - 22:46:39.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
10/7/2020 - 22:46:39.450Read1480C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\System32\propsys.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\propsys.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\System32\propsys.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Secur32.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\secur32.dll
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 22:46:39.450Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\
10/7/2020 - 22:46:39.450Unknown1480C:\malware.exeC:\
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.450Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.450Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.450Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Monitor
10/7/2020 - 22:46:39.450Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 22:46:39.450Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.465Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\
10/7/2020 - 22:46:39.465Unknown1480C:\malware.exeC:\
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.465Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.465Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.465Unknown1480C:\malware.exeC:\Windows\SysWOW64
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.465Read1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.465Read1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:39.465Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
10/7/2020 - 22:46:39.465Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows
10/7/2020 - 22:46:39.543Unknown2424C:\Windows\SysWOW64\schtasks.exeC:\Windows
10/7/2020 - 22:46:39.543Open2424C:\Windows\SysWOW64\schtasks.exeC:\Monitor
10/7/2020 - 22:46:39.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 22:46:39.747Open2424C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Monitor
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\Monitor
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Monitor\Malware
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\Monitor\Malware
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:41.872Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 22:46:41.872Open2856C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
10/7/2020 - 22:46:41.872Unknown1480C:\malware.exeC:\Windows
10/7/2020 - 22:46:41.872Unknown1480C:\malware.exeC:\Monitor
10/7/2020 - 22:46:41.872Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:41.872Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:41.872Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/7/2020 - 22:46:41.872Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 22:46:41.950Unknown2856C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\malware.config
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:41.950Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\Monitor\Malware
10/7/2020 - 22:46:41.950Unknown2856C:\malware.exeC:\Monitor\Malware
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:41.950Unknown2856C:\malware.exeC:\malware.exe
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 22:46:41.950Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/7/2020 - 22:46:41.997Open2856C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:46:41.997Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:41.997Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:41.997Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:46:41.997Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\pubpol4.dat
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 22:46:42.59Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.59Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.59Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.59Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.59Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:46:42.59Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:42.59Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:42.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.106Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.153Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.247Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.293Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.340Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.387Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.434Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.481Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.528Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.575Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.622Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.668Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.715Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.762Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:42.809Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:42.856Unknown2856C:\malware.exeC:\Users\Behemot
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:42.856Unknown2856C:\malware.exeC:\Users\Behemot\AppData\Roaming
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Windows\Globalization\pt-br.nlp
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 22:46:42.856Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/7/2020 - 22:46:42.856Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Read2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Unknown2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\bcrypt.dll
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
10/7/2020 - 22:46:42.856Open2856C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
10/7/2020 - 22:46:42.903Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:46:42.950Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:42.997Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.43Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.90Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.137Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.184Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.231Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.278Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.325Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.372Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.418Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.465Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.512Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.559Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.606Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.653Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.700Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.747Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.793Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.840Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.887Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.934Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:43.981Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.28Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.75Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.122Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.168Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.215Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.262Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.309Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.356Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.403Open2856C:\malware.exeC:\dwmapi.dll
10/7/2020 - 22:46:44.403Open2856C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
10/7/2020 - 22:46:44.403Open2856C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
10/7/2020 - 22:46:44.403Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.450Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.528Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.575Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.622Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:44.668Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:44.668Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\VERSION.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\SysWOW64\version.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:46:44.668Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.715Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.762Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.809Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.856Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.903Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.950Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:44.997Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:45.43Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:45.90Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:46:45.137Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:56.528Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:46:56.575Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.43Open2856C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script
10/7/2020 - 22:47:32.43Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
10/7/2020 - 22:47:32.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:32.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:32.59Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/7/2020 - 22:47:32.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 22:47:32.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/7/2020 - 22:47:32.122Open2856C:\malware.exeC:\Program Files (x86)
10/7/2020 - 22:47:32.122Unknown2856C:\malware.exeC:\Program Files (x86)
10/7/2020 - 22:47:32.122Open2856C:\malware.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
10/7/2020 - 22:47:32.122Open2856C:\malware.exeC:\FTP Navigator\Ftplist.txt
10/7/2020 - 22:47:32.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
10/7/2020 - 22:47:32.122Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
10/7/2020 - 22:47:32.137Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:32.184Open2856C:\malware.exeC:\Storage
10/7/2020 - 22:47:32.184Open2856C:\malware.exeC:\mail
10/7/2020 - 22:47:32.184Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
10/7/2020 - 22:47:32.184Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
10/7/2020 - 22:47:32.184Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 22:47:32.184Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
10/7/2020 - 22:47:32.184Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 22:47:32.184Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\malware.exe.Local
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:47:32.278Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:47:32.278Unknown2856C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
10/7/2020 - 22:47:32.278Open2856C:\malware.exeC:\Monitor\Folder.lst
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:32.293Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:32.293Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.293Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
10/7/2020 - 22:47:32.309Open2856C:\malware.exeC:\cftp\Ftplist.txt
10/7/2020 - 22:47:32.309Read2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
10/7/2020 - 22:47:32.356Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:32.403Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:32.450Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
10/7/2020 - 22:47:32.497Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 22:47:32.606Unknown2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.606Open2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/7/2020 - 22:47:32.606Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.653Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.700Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.747Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.793Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.840Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.887Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.934Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:32.981Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.28Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.75Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.122Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.168Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.215Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.262Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.309Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.356Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.403Open2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:47:33.450Unknown2856C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/7/2020 - 22:47:33.450Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.497Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.543Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.590Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.637Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.684Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.731Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.778Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.825Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.872Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.918Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:33.965Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.12Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.59Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.106Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.153Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.200Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.247Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.293Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
10/7/2020 - 22:47:34.340Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
10/7/2020 - 22:47:34.340Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 22:47:34.387Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
10/7/2020 - 22:47:34.450Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 22:47:34.450Open2856C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
10/7/2020 - 22:47:41.200Open2856C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 22:47:41.200Open2856C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 22:47:41.200Open2856C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 22:47:41.200Open2856C:\malware.exeC:\Windows\SysWOW64\tzres.dll
10/7/2020 - 22:47:47.856Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
10/7/2020 - 22:47:47.903Read2856C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll

Process
Trace
10/7/2020 - 22:46:39.465 | Create | 1480 | C:\malware.exe | 2424 | C:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:41.653 | Terminate | 1480 | C:\malware.exe | 2424 | C:\Windows\SysWOW64\schtasks.exe
10/7/2020 - 22:46:41.762 | Create | 1480 | C:\malware.exe | 2856 | C:\malware.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
10/7/2020 - 22:46:39.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
10/7/2020 - 22:46:39.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
10/7/2020 - 22:46:39.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
10/7/2020 - 22:46:39.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
10/7/2020 - 22:46:39.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
10/7/2020 - 22:46:39.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
10/7/2020 - 22:46:39.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
10/7/2020 - 22:46:39.450 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 70.19%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 78.53%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 56.42%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 91.29%
suspicious: False
