Report #11329

  • Creation Date: Sept. 11, 2020, 3:04 a.m.
  • Last Update: Sept. 11, 2020, 3:08 a.m.
  • File: 0900009900pdf.exe
  • Results:
Binary
DLL: False
Size: 539.50KB
trid:
  55.8% Generic CIL Executable
  21.0% Win64 Executable
  9.9% Windows screen saver
  5.0% Win32 Dynamic Link Library
  3.4% Win32 Executable
type: PE
wordsize: 32
Subsystem: Windows GUI
Hashes
md5: ff69f59ae77ee39cafdb4e7efb4accd7
sha1: 998f7ed69e24b27371151aeb3d953643c8566878
crc32: 0xa673b868
sha224: c6c391fc8820d70efe9dac252cc54bbd62edee961140400566036c0d
sha256: ed1aa53c89a6250abd5ec84f8458338150b89ba617d4ca9b8d1583658a2b44ef
sha384: 4d6981b9daf510d2642e30e65f53a8f449454914fba12f254c692920d5e87ae11aa7babbbfbb0049b4c3fb3577e6b1e2
sha512: a457ce644c81831d757c7737364a22291c7db2194f457ea92f9de6a9560e25d12e9164b94dbd8b4048b7ed65d122b55944ce6212fb1f12d1ccb5c00693487b27
ssdeep: 12288:0qQlQUR4+FBQaK0diwo/ociNFuggSLyczQq1Vwv0A5Tm8H40H:0/lQUR4+FSaK08wZogXjztuxxhHHH
Community
Google: False
HashLib: False
YARA
Matches: NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, android_meterpreter, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI
Suspicious: True

Strings
List
My.Computer
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
System.ComponentModel.Design
B.Ps
9.Mg
W.mp
_2048.My
WSystem.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
zSystem.Windows.Forms.AxHost+State, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PADP
!System.Windows.Forms.AxHost+State
4System.Web.Services.Protocols.SoapHttpClientProtocol
1.0.0.0
16.6.0.0
16.0.0.0
11.0.0.0
WuPjhNPmCO.exe
_2048.My.Resources
A=Fh
&omya
0%dke,(m
h[!4ei%xD
S%e}ElSt0
2%E<2
System.Windows.Forms.Form
You won. Do you want to play again?
You ran out of time!
get_lblProgramName
Here is your score!
3System.Resources.Tools.StronglyTypedResourceBuilder
Please enter only one character
Are you sure you want to exit?
ptcIntro
lblProgramName
Next
VBMath
Winner
playerCountLabel
That is incorrect
That is correct
whichForm
alreadySelected
System.Windows.Forms
What Letter is Missing?
\WordsForGameHard.txt
\WordsForGame.txt
\WordsForGame1.txt
mscoree.dll
set_cmdGet2And16
get_cmdGet2And16
get_cmdGet1And16
set_cmdGet1And16
get_cmdGet2And8
get_cmdGet3And8
get_cmdGet1And8
set_cmdGet2And8
set_cmdGet1And8
set_cmdGet3And8
add_Shutdown
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADR|
set_cmdEasy
get_cmdEasy
get_cmdEnterAnswer
set_cmdEnterAnswer
set_cmdNormalMode
get_cmdNormalMode
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
get_cmdExit
set_cmdExit
cmdEasy_Click
get_ResourceManager
get_cmdChallengeMode
cmdExit_Click
set_ShutdownStyle
cmdNext_Click
cmdHard_Click
cmdSkip_Click
cmdBack_Click
cmdStart_Click
cmdEnglish_Click
cmdMath_Click
set_cmdNext
get_cmdStart

Foremost
Matches: 0.exe (539 KB), 261.png (1 KB), 264.png (1 KB), 267.png (1 KB), 270.png (1 KB), 273.png (1 KB), 282.png (379 KB)
Suspicious: True
Heuristics
IPs
hasIPs: False
Allowed: None
Suspicious: None
hasAllowed: False
hasSuspicious: False

URLs
hasURLs: False
Allowed: None
Suspicious: None
hasAllowed: False
hasSuspicious: False

Files
hasFiles: True
Allowed: mscoree.dll
Suspicious: \WordsForGame.txt, \WordsForGameHard.txt, \WordsForGame1.txt
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2048
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious: None
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 80.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 557962
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious: None
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2020-08-05 15:58:26
Future: False

Compilation
Packed: False
Missing: False
Packers: None
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False
Fuzzing: True

PEDetector
Matches: None
Suspicious: False
Disassembly
hasTricks: True
Tricks
pushret
.text: 191

pushpopmath
.text: 166

ss register
.text: 5

garbagebytes
.text: 71

hookdetection
.text: 9

software breakpoint
.text: 4

fakeconditionaljumps
.text: 7

programcontrolflowchange
.text: 64

cpuinstructionsresultscomparison
.rsrc: 1
.text: 7

AVclass
dapato: 1
VirusTotal
md5: ff69f59ae77ee39cafdb4e7efb4accd7
sha1: 998f7ed69e24b27371151aeb3d953643c8566878
SCANS (DETECTION RATE = 68.57%)
AVG
result: Win32:MalwareX-gen [Trj]
update: 20200811
version: 18.4.3895.0
detected: True

CMC
update: 20200811
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=85)
update: 20200811
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200810
version: 6.58
detected: True

Bkav
update: 20200811
version: 1.3.0.9899
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20200811
version: 11.129.34963
detected: True

ALYac
result: Trojan.GenericKD.34300001
update: 20200811
version: 1.1.1.5
detected: True

Avast
result: Win32:MalwareX-gen [Trj]
update: 20200811
version: 18.4.3895.0
detected: True

Avira
result: TR/AD.AgentTesla.gytae
update: 20200811
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
update: 20200811
version: 4.0.0.24
detected: False

Cyren
result: W32/MSIL_Kryptik.BIN.gen!Eldorado
update: 20200811
version: 6.3.0.2
detected: True

DrWeb
result: BackDoor.SpyBotNET.25
update: 20200811
version: 7.0.46.3050
detected: True

GData
result: Trojan.GenericKD.34300001
update: 20200811
version: A:25.26564B:27.19766
detected: True

Panda
result: Trj/GdSda.A
update: 20200811
version: 4.6.4.2
detected: True

VBA32
update: 20200811
version: 4.4.1
detected: False

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200811
version: 85864
detected: True

Zoner
update: 20200811
version: 0.0.0.0
detected: False

ClamAV
update: 20200810
version: 0.102.4.0
detected: False

Comodo
update: 20200728
version: 32668
detected: False

F-Prot
result: W32/MSIL_Kryptik.BIN.gen!Eldorado
update: 20200811
version: 4.7.1.166
detected: True

Ikarus
result: Trojan.Inject
update: 20200811
version: 0.1.5.2
detected: True

McAfee
result: RDN/Generic Dropper
update: 20200811
version: 6.0.6.653
detected: True

Rising
result: Dropper.Dapato!8.2A2 (CLOUD)
update: 20200811
version: 25.0.0.26
detected: True

Sophos
result: Mal/Generic-S
update: 20200811
version: 4.98.0
detected: True

Yandex
update: 20200707
version: 5.5.2.24
detected: False

Zillya
update: 20200810
version: 2.0.0.4151
detected: False

Acronis
update: 20200806
version: 1.1.1.77
detected: False

Alibaba
result: TrojanDropper:MSIL/AgentTesla.ea578df2
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D20B6061
update: 20200811
version: 1.0.0.877
detected: True

Cylance
result: Unsafe
update: 20200811
version: 2.3.1.101
detected: True

Elastic
result: malicious (high confidence)
update: 20200727
version: 4.0.6
detected: True

FireEye
result: Generic.mg.ff69f59ae77ee39c
update: 20200811
version: 32.36.1.0
detected: True

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True

TACHYON
update: 20200811
version: 2020-08-11.02
detected: False

Tencent
update: 20200811
version: 1.0.0.1
detected: False

ViRobot
result: Trojan.Win32.Z.Malpack.552448
update: 20200811
version: 2014.3.20.0
detected: True

Webroot
result: W32.Trojan.Msil.Dapato
update: 20200811
version: 1.0.0.403
detected: True

eGambit
update: 20200811
detected: False

Ad-Aware
result: Trojan.GenericKD.34300001
update: 20200811
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.MSIL.Dapato.b!c
update: 20200811
version: 4.2
detected: True

Emsisoft
result: Trojan.GenericKD.34300001 (B)
update: 20200811
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/AD.AgentTesla.gytae
update: 20200811
version: 12.0.86.52
detected: True

Fortinet
result: MSIL/GenKryptik.EPUA!tr
update: 20200811
version: 6.2.142.0
detected: True

Invincea
update: 20200502
version: 6.3.6.26157
detected: False

Jiangmin
update: 20200811
version: 16.0.100
detected: False

Kingsoft
update: 20200811
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200811
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20200811
version: 1.11.0.0
detected: True

AhnLab-V3
result: Trojan/Win32.MSILKrypt.R347073
update: 20200811
version: 3.18.1.10026
detected: True

Antiy-AVL
update: 20200811
version: 3.0.0.1
detected: False

Kaspersky
result: HEUR:Trojan-Dropper.MSIL.Dapato.gen
update: 20200811
version: 15.0.1.13
detected: True

Microsoft
result: Trojan:MSIL/AgentTesla.N!MTB
update: 20200811
version: 1.1.17300.4
detected: True

Qihoo-360
result: Generic/Trojan.Dropper.e44
update: 20200811
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan-Dropper.MSIL.Dapato.gen
update: 20200811
version: 1.0
detected: True

Cybereason
update: 20190616
version: 1.2.449
detected: False

ESET-NOD32
result: a variant of MSIL/Kryptik.XGF
update: 20200811
version: 21805
detected: True

TrendMicro
result: TROJ_GEN.R04CC0DH720
update: 20200811
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.34300001
update: 20200811
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_70% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20200811
version: 11.129.34965
detected: True

SentinelOne
result: DFI - Malicious PE
update: 20200725
version: 4.4.0.0
detected: True

Malwarebytes
result: Trojan.MalPack.PNG.Generic
update: 20200811
version: 3.6.4.335
detected: True

TotalDefense
update: 20200811
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: TrojanDropper.MSIL
update: 20200811
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Dapato.hqrzcm
update: 20200811
version: 1.0.134.25119
detected: True

BitDefenderTheta
update: 20200805
version: 7.2.37796.0
detected: False

MicroWorld-eScan
result: Trojan.GenericKD.34300001
update: 20200811
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200807
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: TROJ_GEN.R04CC0DH720
update: 20200811
version: 10.0.0.1040
detected: True

total: 70
sha256: ed1aa53c89a6250abd5ec84f8458338150b89ba617d4ca9b8d1583658a2b44ef
scan_id: ed1aa53c89a6250abd5ec84f8458338150b89ba617d4ca9b8d1583658a2b44ef-1597171936
resource: ff69f59ae77ee39cafdb4e7efb4accd7
positives: 48
scan_date: 2020-08-11 18:52:16
verbose_msg: Scan finished, information embedded
response_code: 1
File
Trace
11/9/2020 - 2:45:46.247Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:45:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:46.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:45:46.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:45:46.262Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:45:46.278Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:45:46.278Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:46.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:46.278Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:45:46.622Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:45:46.762Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:46.762Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:45:46.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:46.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:46.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:46.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:46.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:46.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:47.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:45:47.981Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:47.981Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:45:47.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:48.450Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.590Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.590Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:48.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:49.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.231Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:50.418Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:50.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:50.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.75Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:51.168Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:45:51.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.450Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:45:51.543Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:45:51.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:51.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:51.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:51.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:45:52.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.668Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
11/9/2020 - 2:45:52.668Open1480C:\malware.exeC:\VERSION.dll
11/9/2020 - 2:45:52.668Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:45:52.668Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:45:52.668Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:45:52.668Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:45:52.668Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:45:52.715Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:45:52.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:45:52.715Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:45:52.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:52.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:53.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:45:53.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:45:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:45:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:1.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:1.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:1.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:1.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:2.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:2.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:2.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:2.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:2.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:2.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:2.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\068ae883ce93f6d9e7600b99f7677943\System.DirectoryServices.ni.dllSystem.DirectoryServices.ni.dll
11/9/2020 - 2:46:2.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:2.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:2.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:2.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:2.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:3.12Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:3.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.200Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:3.247Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:3.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:3.434Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:3.434Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
11/9/2020 - 2:46:3.575Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
11/9/2020 - 2:46:3.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.762Open1480C:\malware.exeC:\malware.config
11/9/2020 - 2:46:3.762Open1480C:\malware.exeC:\pt-BR\WuPjhNPmCO.resources.dll
11/9/2020 - 2:46:3.762Open1480C:\malware.exeC:\pt-BR\WuPjhNPmCO.resources\WuPjhNPmCO.resources.dll
11/9/2020 - 2:46:3.762Open1480C:\malware.exeC:\pt-BR\WuPjhNPmCO.resources.exe
11/9/2020 - 2:46:3.762Open1480C:\malware.exeC:\pt-BR\WuPjhNPmCO.resources\WuPjhNPmCO.resources.exe
11/9/2020 - 2:46:3.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:3.809Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:3.997Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:3.997Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:3.997Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\pt\WuPjhNPmCO.resources.dll
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\pt\WuPjhNPmCO.resources\WuPjhNPmCO.resources.dll
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\pt\WuPjhNPmCO.resources.exe
11/9/2020 - 2:46:3.997Open1480C:\malware.exeC:\pt\WuPjhNPmCO.resources\WuPjhNPmCO.resources.exe
11/9/2020 - 2:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:3.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:4.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:4.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:4.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:4.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:54.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.528Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
11/9/2020 - 2:46:55.528Open1480C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:46:55.528Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:46:55.528Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:46:55.528Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:46:55.528Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/9/2020 - 2:46:55.575Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
11/9/2020 - 2:46:55.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:55.575Open1480C:\malware.exeC:\WindowsCodecs.dll
11/9/2020 - 2:46:55.575Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
11/9/2020 - 2:46:55.575Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
11/9/2020 - 2:46:55.575Open1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
11/9/2020 - 2:46:55.575Unknown1480C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
11/9/2020 - 2:46:55.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:55.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:55.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:55.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:55.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:55.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:56.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:56.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:46:57.200Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.200Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.200Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.200Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.200Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\malware.exe.config
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\malware.exe
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\malware.exe
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Monitor
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Monitor
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Monitor\Malware
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\Monitor\Malware
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\malware.exe
11/9/2020 - 2:46:57.200Unknown2424C:\malware.exeC:\malware.exe
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:46:57.200Open2424C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
11/9/2020 - 2:46:57.278Unknown1480C:\malware.exeC:\Windows
11/9/2020 - 2:46:57.278Unknown1480C:\malware.exeC:\Monitor
11/9/2020 - 2:46:57.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:57.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:57.278Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:46:57.278Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\malware.config
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\malware.exe
11/9/2020 - 2:46:57.278Unknown2424C:\malware.exeC:\malware.exe
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\Monitor\Malware
11/9/2020 - 2:46:57.278Unknown2424C:\malware.exeC:\Monitor\Malware
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\malware.exe
11/9/2020 - 2:46:57.278Unknown2424C:\malware.exeC:\malware.exe
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:57.278Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:57.278Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\pubpol4.dat
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:46:57.356Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.356Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.356Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.356Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.356Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:46:57.356Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:57.356Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:57.356Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.403Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:57.450Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:57.497Open2424C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:46:57.497Open2424C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:46:57.497Unknown2424C:\malware.exeC:\Users\Behemot
11/9/2020 - 2:46:57.497Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:46:57.497Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:46:57.497Unknown2424C:\malware.exeC:\Users\Behemot\AppData\Roaming
11/9/2020 - 2:46:57.497Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\Windows\Globalization\pt-br.nlp
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:46:57.543Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
11/9/2020 - 2:46:57.543Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Read2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Unknown2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\bcrypt.dll
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
11/9/2020 - 2:46:57.543Open2424C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
11/9/2020 - 2:46:57.543Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.590Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.637Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.684Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.731Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.778Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.825Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.872Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.918Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:57.965Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\dwmapi.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:58.12Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:58.12Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\VERSION.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\SysWOW64\version.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:58.12Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:58.59Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:58.106Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:58.153Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:58.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:58.247Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
11/9/2020 - 2:46:58.293Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
11/9/2020 - 2:46:58.340Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:58.387Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\CRYPTSP.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.481Open2424C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
11/9/2020 - 2:46:58.622Open2424C:\malware.exeC:\RpcRtRemote.dll
11/9/2020 - 2:46:58.622Open2424C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:46:58.622Unknown2424C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:46:58.622Open2424C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
11/9/2020 - 2:46:58.622Unknown2424C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
11/9/2020 - 2:46:58.668Unknown2424C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
11/9/2020 - 2:46:58.668Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
11/9/2020 - 2:46:58.918Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
11/9/2020 - 2:46:58.918Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
11/9/2020 - 2:46:59.387Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
11/9/2020 - 2:46:59.387Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
11/9/2020 - 2:46:59.387Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
11/9/2020 - 2:46:59.387Open2424C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
11/9/2020 - 2:46:59.387Open2424C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:59.809Open2424C:\malware.exeC:\SXS.DLL
11/9/2020 - 2:46:59.809Open2424C:\malware.exeC:\Windows\SysWOW64\sxs.dll
11/9/2020 - 2:46:59.809Open2424C:\malware.exeC:\Windows\SysWOW64\sxs.dll
11/9/2020 - 2:46:59.809Open2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.809Open2424C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
11/9/2020 - 2:46:59.809Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.825Read2424C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
11/9/2020 - 2:46:59.825Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
11/9/2020 - 2:47:0.293Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:0.293Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
11/9/2020 - 2:47:0.293Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:0.293Unknown2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:0.293Open2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
11/9/2020 - 2:47:0.293Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:0.293Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:0.293Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:0.293Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:0.293Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:0.293Read2424C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
11/9/2020 - 2:47:9.512Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:9.559Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
11/9/2020 - 2:47:9.559Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
11/9/2020 - 2:47:9.559Open2424C:\malware.exeC:\Storage
11/9/2020 - 2:47:9.559Open2424C:\malware.exeC:\mail
11/9/2020 - 2:47:9.559Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
11/9/2020 - 2:47:9.559Open2424C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
11/9/2020 - 2:47:9.559Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
11/9/2020 - 2:47:9.622Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
11/9/2020 - 2:47:9.622Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:9.668Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\malware.exe.Local
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:9.950Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:9.950Unknown2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\The Bat!
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
11/9/2020 - 2:47:9.950Open2424C:\malware.exeC:\Monitor\Folder.lst
11/9/2020 - 2:47:9.965Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
11/9/2020 - 2:47:9.965Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
11/9/2020 - 2:47:9.965Unknown2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:9.965Open2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
11/9/2020 - 2:47:9.965Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.12Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.59Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.106Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.153Open2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:10.200Unknown2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
11/9/2020 - 2:47:10.200Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.247Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.293Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.340Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.387Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.434Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.481Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.528Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.575Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.622Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.668Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.715Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.762Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.809Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.856Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.903Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.950Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:10.997Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:11.43Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
11/9/2020 - 2:47:11.90Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
11/9/2020 - 2:47:11.90Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
11/9/2020 - 2:47:11.90Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
11/9/2020 - 2:47:11.90Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
11/9/2020 - 2:47:11.90Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
11/9/2020 - 2:47:11.90Open2424C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
11/9/2020 - 2:47:11.137Open2424C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
11/9/2020 - 2:47:11.418Open2424C:\malware.exeC:\Windows\SysWOW64\mpr.dll
11/9/2020 - 2:47:11.418Open2424C:\malware.exeC:\Windows\SysWOW64\mpr.dll
11/9/2020 - 2:47:11.418Open2424C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
11/9/2020 - 2:47:11.418Open2424C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
11/9/2020 - 2:47:11.793Open2424C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
11/9/2020 - 2:47:11.793Read2424C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
11/9/2020 - 2:47:11.793Read2424C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
11/9/2020 - 2:47:11.793Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:11.793Read2424C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
11/9/2020 - 2:47:11.887Open2424C:\malware.exeC:\FTP Navigator\Ftplist.txt
11/9/2020 - 2:47:11.887Open2424C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
11/9/2020 - 2:47:11.887Open2424C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
11/9/2020 - 2:47:11.887Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:11.934Read2424C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
11/9/2020 - 2:47:11.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
11/9/2020 - 2:47:11.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
11/9/2020 - 2:47:11.981Open2424C:\malware.exeC:\cftp\Ftplist.txt
11/9/2020 - 2:47:11.981Open2424C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
11/9/2020 - 2:47:11.981Open2424C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script

Process
Trace
11/9/2020 - 2:46:56.856Create1480C:\malware.exe2424C:\malware.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 60.63%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 95.14%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 64.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 70.17%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 94.80%
suspicious: False
