Report #11597

  • Creation Date: Sept. 21, 2020, 11:53 a.m.
  • Last Update: Sept. 21, 2020, 11:58 a.m.
  • File: ze.exe
  • Results:
Binary
DLL
False cancel
Size
502.50KB
trid
55.8% Generic CIL Executable
21.0% Win64 Executable
9.9% Windows screen saver
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
657304bfc23f9b227f1618a02b6533dc
sha1
5c3a2ec79ff7996f81dfa80e0909e3bf256b7810
crc32
0xa9630369
sha224
dd9a2e770a8d3a286803bad3db2bfc3d7ab544638365b7665686b033
sha256
a86963a2cc10f60fcf875abc6245f32e943042e5947a05d81b312d4f4f4a9b4e
sha384
db2269cdeb2eb04e8d30f64da8447f6eaa28a3e4b2ff29f283fc443bffe4ca611515c6ac097023ead8e59c678ee5865b
sha512
c2d5a08470f5fdf2f251c1a7ce4ef661edb60af95cc489170b1594d331e2c77a73ec01912eb7ed6194d0640b7f941ac8dff3f5243703295516d2b47a8e74b7e4
ssdeep
12288:C9KHkvitQu9z7HnrbSo/q/08+oYEFZNX8kwoBbJK9QcvQMZai:C9TqiGrbxcz+oZHwgxnCai
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True check_circle

Strings
List
<?xml version="1.0" encoding="utf-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" name="MyApplication.app" /><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="asInvoker" uiAccess="false" /></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
System.IO
System.ComponentModel.Design
8.Vn
K.HN
p.Fr
wSystem.Windows.Forms.DockStyle, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, Publickeytoken=b77a5c561934e089
System.Security.Cryptography
K.Vc
1.3.6.8
1.3.6.8
1.3.6.8
1.3.6.8
B.rsrc
RibbonLib.Properties.Resources.resources
vs.data.DataSet
propsys.dll
16.0.0.0
16.0.0.0
tsWERlfP.exe
tsWERlfP.exe
tsWERlfP.exe
OnRowDeleting
OnRowDeleted
,am/t
(#ffeeffefea(
(System.Data.Design.TypedDataSetGenerator
)9%feE
%nu?R
add_HandleCreated
3System.Resources.Tools.StronglyTypedResourceBuilder
get_IsHandleCreated
nGS2t%A
Delete
LoadLibraryEx
LoadLibrary
Delegate
Yfefeffefefea
MulticastDelegate
System.Windows.Forms
mscoree.dll
add_HandleDestroyed
get_CommandId
set_CommandId
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
get_MetadataToken
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
CommandType
CommandId
CommandID
DebuggerHiddenAttribute
XmlRootAttribute
DebuggerBrowsableState
InterfaceTypeAttribute
GlobalBackgroundColor
ResourceManager
Execute
remove_SizeChanged
FreeLibrary
ffeeffefea
OnRowChanged
OnRowChanging
GetTempPath
Binder
ComputeHash
Debug
OnPaint
PaddingMode
GetHashCode
CipherMode
HashAlgorithm
CreateDecryptor
ICryptoTransform
rsa.5
$0F7434B6-59B6-4250-999E-D168D6AE4293
$EEA11F37-7C46-437c-8E55-B52122B29293
*#,E
$926749fa-2615-4987-8845-c33e65f2b957
$803982ab-370a-4f7e-a9e7-8784036a6e26
GetPublicKeyToken
$c205bb48-5b1c-4219-a106-15bd0a5f24e2
$D428903C-729A-491d-910D-682A08FF2522
FontProperties_BackgroundColor
$75ae0a2d-dc03-4c9f-8883-069660d0beb6
$B13C3248-093D-4366-9832-A936610846FD
FontProperties_BackgroundColorType
$886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99
Wz.uY(
$23c8c838-4de6-436b-ab01-5554bb7c30dd
FontProperties_Size
FontProperties_Underline
b.Sz&
FontProperties_ForegroundColor
DebuggerBrowsableAttribute
ComInterfaceType
DebuggerNonUserCodeAttribute
ClassInterfaceAttribute
W70h1Ut>

Foremost
Matches
0.exe, 502 KB, 112.png, 348 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: True check_circle
Allowed
Suspicious: 1.3.6.8, 0, Unknown
hasAllowed: False cancel
hasSuspicious: True check_circle

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: Ole32.dll, propsys.dll, mscoree.dll, OleAut32.dll, kernel32.dll
hasFiles: True check_circle
Suspicious: System.Xml
hasAllowed: True check_circle
hasSuspicious: True check_circle

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 2048
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .reloc, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 6.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 520058
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: ole32.dll, propsys.dll, mscoree.dll, oleaut32.dll, kernel32.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-04-23 17:32:16
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.text: 242

pushpopmath
.text: 141

ss register
.text: 3

garbagebytes
.text: 85

hookdetection
.text: 6

software breakpoint
.text: 6

fakeconditionaljumps
.text: 6

programcontrolflowchange
.text: 79

cpuinstructionsresultscomparison
.text: 29

AVclass
agensla
1
VirusTotal
md5
657304bfc23f9b227f1618a02b6533dc
sha1
5c3a2ec79ff7996f81dfa80e0909e3bf256b7810
SCANS (DETECTION RATE = 79.17%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200503
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=86)
update: 20200503
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200501
version: 6.17
detected: True check_circle

Bkav
update: 20200429
version: 1.3.0.9899
detected: False cancel

K7GW
result: Trojan ( 005654be1 )
update: 20200503
version: 11.106.33973
detected: True check_circle

ALYac
result: Spyware.AgentTesla
update: 20200503
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:PWSX-gen [Trj]
update: 20200503
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/Kryptik.zgzef
update: 20200503
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
result: W32/MSIL_Kryptik.ALK.gen!Eldorado
update: 20200503
version: 6.2.2.2
detected: True check_circle

DrWeb
result: Trojan.PWS.Siggen2.47960
update: 20200503
version: 7.0.46.3050
detected: True check_circle

GData
result: Trojan.Agent.EPTE
update: 20200503
version: A:25.25559B:26.18600
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20200503
version: 4.6.4.2
detected: True check_circle

VBA32
result: TScope.Trojan.MSIL
update: 20200430
version: 4.3.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200503
version: 83446
detected: True check_circle

Zoner
update: 20200502
version: 0.0.0.0
detected: False cancel

ClamAV
update: 20200503
version: 0.102.2.0
detected: False cancel

Comodo
result: Malware@#318ntz1xpmamq
update: 20200503
version: 32401
detected: True check_circle

F-Prot
result: W32/MSIL_Kryptik.ALK.gen!Eldorado
update: 20200503
version: 4.7.1.166
detected: True check_circle

Ikarus
result: Trojan.MSIL.Agent
update: 20200503
version: 0.1.5.2
detected: True check_circle

McAfee
result: RDN/Generic PWS.y
update: 20200503
version: 6.0.6.653
detected: True check_circle

Rising
result: Trojan.Kryptik!8.8 (CLOUD)
update: 20200503
version: 25.0.0.24
detected: True check_circle

Sophos
result: Mal/Generic-S
update: 20200503
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Igent.bTCWDu.8
update: 20200502
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.Kryptik.Win32.1992358
update: 20200430
version: 2.0.0.4082
detected: True check_circle

Acronis
result: suspicious
update: 20200422
version: 1.1.1.75
detected: True check_circle

Alibaba
result: TrojanPSW:MSIL/CryptInject.37421724
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Agent.EPTE
update: 20200503
version: 1.0.0.872
detected: True check_circle

Cylance
result: Unsafe
update: 20200503
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20200226
version: 3.0.17
detected: True check_circle

FireEye
result: Generic.mg.657304bfc23f9b22
update: 20200316
version: 32.31.0.0
detected: True check_circle

Sangfor
result: Malware
update: 20200423
version: 1.0
detected: True check_circle

TACHYON
update: 20200503
version: 2020-05-03.02
detected: False cancel

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200503
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20200503
version: 2014.3.20.0
detected: False cancel

Webroot
result: W32.Trojan.Gen
update: 20200503
version: 1.0.0.403
detected: True check_circle

eGambit
update: 20200503
detected: False cancel

Ad-Aware
result: Trojan.Agent.EPTE
update: 20200503
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.MSIL.Agensla.i!c
update: 20200503
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.Agent.EPTE (B)
update: 20200503
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/Kryptik.zgzef
update: 20200503
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/Kryptik.50C3!tr
update: 20200503
version: 6.2.142.0
detected: True check_circle

Invincea
update: 20200502
version: 6.3.6.26157
detected: False cancel

Jiangmin
update: 20200503
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200503
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200503
version: 1.0
detected: True check_circle

Symantec
result: Trojan.Gen.2
update: 20200503
version: 1.11.0.0
detected: True check_circle

Trapmine
result: malicious.high.ml.score
update: 20200123
version: 3.2.22.914
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Kryptik.C4076220
update: 20200503
version: 3.17.5.27267
detected: True check_circle

Antiy-AVL
result: Trojan[PSW]/MSIL.Agensla
update: 20200503
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200503
version: 15.0.1.13
detected: True check_circle

MaxSecure
result: Trojan.Malware.74499699.susgen
update: 20200503
version: 1.0.0.1
detected: True check_circle

Microsoft
result: Trojan:MSIL/CryptInject.SC!MTB
update: 20200503
version: 1.1.16900.4
detected: True check_circle

Qihoo-360
result: Generic/Trojan.PSW.374
update: 20200503
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Trojan-PSW.MSIL.Agensla.gen
update: 20200503
version: 1.0
detected: True check_circle

Cybereason
result: malicious.79ff79
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Kryptik.VPK
update: 20200503
version: 21267
detected: True check_circle

TrendMicro
result: TROJ_GEN.R022C0DDP20
update: 20200503
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.Agent.EPTE
update: 20200503
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_80% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 005654be1 )
update: 20200503
version: 11.106.33973
detected: True check_circle

SentinelOne
result: DFI - Malicious PE
update: 20200406
version: 2.1.0.89
detected: True check_circle

Avast-Mobile
update: 20200502
version: 200502-00
detected: False cancel

Malwarebytes
result: Trojan.Crypt.MSIL
update: 20200503
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200503
version: 37.1.62.1
detected: False cancel

NANO-Antivirus
update: 20200503
version: 1.0.134.25112
detected: False cancel

BitDefenderTheta
result: Gen:NN.ZemsilF.34108.Fm0@au5FMNl
update: 20200428
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Trojan.Agent.EPTE
update: 20200503
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200501
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.hc
update: 20200503
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
result: TROJ_GEN.R022C0DDP20
update: 20200503
version: 10.0.0.1040
detected: True check_circle

total
72
sha256
a86963a2cc10f60fcf875abc6245f32e943042e5947a05d81b312d4f4f4a9b4e
scan_id
a86963a2cc10f60fcf875abc6245f32e943042e5947a05d81b312d4f4f4a9b4e-1588540780
resource
657304bfc23f9b227f1618a02b6533dc
positives
57
scan_date
2020-05-03 21:19:40
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:46.997Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
21/9/2020 - 10:45:46.997Unknown2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:46.997Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
21/9/2020 - 10:45:46.997Unknown2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:46.997Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
21/9/2020 - 10:45:46.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.247Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.387Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.434Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.481Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.528Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.575Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.668Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.715Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.762Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.809Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.856Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.903Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.950Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:47.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.43Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.90Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.137Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.184Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.278Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.325Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.372Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.418Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.465Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:48.512Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:45:48.747Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:45:48.747Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:49.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:49.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:49.356Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:45:49.450Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:45:49.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:49.497Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:49.543Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:49.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:49.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:49.684Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:49.731Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:45:49.825Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:45:49.825Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:49.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:49.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:49.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:50.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:50.247Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:50.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.387Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.434Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.481Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.528Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.575Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.668Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:50.715Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.762Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:50.809Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:50.856Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:50.903Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:50.950Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:50.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:51.43Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:51.90Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:51.137Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:51.184Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:51.465Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:51.512Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:51.559Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:51.606Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:51.653Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:51.700Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:51.747Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:51.793Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:51.840Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:51.887Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:51.934Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
21/9/2020 - 10:45:51.981Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
21/9/2020 - 10:45:52.28Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
21/9/2020 - 10:45:52.75Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
21/9/2020 - 10:45:52.122Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
21/9/2020 - 10:45:52.168Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.231Open2088C:\malware.exeC:\Windows\Globalization\pt-br.nlp
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:12.278Open2088C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
21/9/2020 - 10:46:12.278Open2088C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
21/9/2020 - 10:46:12.418Open2088C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\seguisb.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\seguisb.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\seguisb.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\seguisb.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\seguisym.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\seguisym.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\seguisym.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\seguisym.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\shruti.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\shruti.ttf
21/9/2020 - 10:46:12.512Open2088C:\malware.exeC:\Windows\Fonts\shruti.ttf
21/9/2020 - 10:46:12.653Open2088C:\malware.exeC:\Windows\Fonts\shruti.ttf
21/9/2020 - 10:46:12.700Open2088C:\malware.exeC:\Windows\Fonts\shrutib.ttf
21/9/2020 - 10:46:12.700Open2088C:\malware.exeC:\Windows\Fonts\shrutib.ttf
21/9/2020 - 10:46:12.700Open2088C:\malware.exeC:\Windows\Fonts\shrutib.ttf
21/9/2020 - 10:46:12.840Open2088C:\malware.exeC:\Windows\Fonts\shrutib.ttf
21/9/2020 - 10:46:12.934Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
21/9/2020 - 10:46:12.934Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
21/9/2020 - 10:46:12.934Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
21/9/2020 - 10:46:13.28Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
21/9/2020 - 10:46:13.122Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
21/9/2020 - 10:46:13.122Open2088C:\malware.exeC:\Windows\Fonts\simsunb.ttf
21/9/2020 - 10:46:13.122Open2088C:\malware.exeC:\Windows\Fonts\simsunb.ttf
21/9/2020 - 10:46:13.122Open2088C:\malware.exeC:\Windows\Fonts\simsunb.ttf
21/9/2020 - 10:46:13.450Open2088C:\malware.exeC:\Windows\Fonts\simsunb.ttf
21/9/2020 - 10:46:13.637Open2088C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
21/9/2020 - 10:46:13.637Open2088C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
21/9/2020 - 10:46:13.637Open2088C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
21/9/2020 - 10:46:13.731Open2088C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
21/9/2020 - 10:46:13.731Open2088C:\malware.exeC:\Windows\Fonts\taile.ttf
21/9/2020 - 10:46:13.731Open2088C:\malware.exeC:\Windows\Fonts\taile.ttf
21/9/2020 - 10:46:13.731Open2088C:\malware.exeC:\Windows\Fonts\taile.ttf
21/9/2020 - 10:46:13.825Open2088C:\malware.exeC:\Windows\Fonts\taile.ttf
21/9/2020 - 10:46:13.825Open2088C:\malware.exeC:\Windows\Fonts\taileb.ttf
21/9/2020 - 10:46:13.825Open2088C:\malware.exeC:\Windows\Fonts\taileb.ttf
21/9/2020 - 10:46:13.825Open2088C:\malware.exeC:\Windows\Fonts\taileb.ttf
21/9/2020 - 10:46:13.918Open2088C:\malware.exeC:\Windows\Fonts\taileb.ttf
21/9/2020 - 10:46:13.918Open2088C:\malware.exeC:\Windows\Fonts\times.ttf
21/9/2020 - 10:46:13.918Open2088C:\malware.exeC:\Windows\Fonts\times.ttf
21/9/2020 - 10:46:13.918Open2088C:\malware.exeC:\Windows\Fonts\times.ttf
21/9/2020 - 10:46:13.918Open2088C:\malware.exeC:\Windows\Fonts\times.ttf
21/9/2020 - 10:46:13.918Open2088C:\malware.exeC:\Windows\Fonts\timesi.ttf
21/9/2020 - 10:46:13.918Open2088C:\malware.exeC:\Windows\Fonts\timesi.ttf
21/9/2020 - 10:46:13.918Open2088C:\malware.exeC:\Windows\Fonts\timesi.ttf
21/9/2020 - 10:46:14.59Open2088C:\malware.exeC:\Windows\Fonts\timesi.ttf
21/9/2020 - 10:46:14.153Open2088C:\malware.exeC:\Windows\Fonts\timesbd.ttf
21/9/2020 - 10:46:14.153Open2088C:\malware.exeC:\Windows\Fonts\timesbd.ttf
21/9/2020 - 10:46:14.153Open2088C:\malware.exeC:\Windows\Fonts\timesbd.ttf
21/9/2020 - 10:46:14.200Open2088C:\malware.exeC:\Windows\Fonts\timesbd.ttf
21/9/2020 - 10:46:14.200Open2088C:\malware.exeC:\Windows\Fonts\timesbi.ttf
21/9/2020 - 10:46:14.200Open2088C:\malware.exeC:\Windows\Fonts\timesbi.ttf
21/9/2020 - 10:46:14.200Open2088C:\malware.exeC:\Windows\Fonts\timesbi.ttf
21/9/2020 - 10:46:14.340Open2088C:\malware.exeC:\Windows\Fonts\timesbi.ttf
21/9/2020 - 10:46:14.434Open2088C:\malware.exeC:\Windows\Fonts\tunga.ttf
21/9/2020 - 10:46:14.434Open2088C:\malware.exeC:\Windows\Fonts\tunga.ttf
21/9/2020 - 10:46:14.434Open2088C:\malware.exeC:\Windows\Fonts\tunga.ttf
21/9/2020 - 10:46:14.528Open2088C:\malware.exeC:\Windows\Fonts\tunga.ttf
21/9/2020 - 10:46:14.528Open2088C:\malware.exeC:\Windows\Fonts\tungab.ttf
21/9/2020 - 10:46:14.528Open2088C:\malware.exeC:\Windows\Fonts\tungab.ttf
21/9/2020 - 10:46:14.528Open2088C:\malware.exeC:\Windows\Fonts\tungab.ttf
21/9/2020 - 10:46:14.622Open2088C:\malware.exeC:\Windows\Fonts\tungab.ttf
21/9/2020 - 10:46:14.622Open2088C:\malware.exeC:\Windows\Fonts\vrinda.ttf
21/9/2020 - 10:46:14.622Open2088C:\malware.exeC:\Windows\Fonts\vrinda.ttf
21/9/2020 - 10:46:14.622Open2088C:\malware.exeC:\Windows\Fonts\vrinda.ttf
21/9/2020 - 10:46:14.715Open2088C:\malware.exeC:\Windows\Fonts\vrinda.ttf
21/9/2020 - 10:46:14.715Open2088C:\malware.exeC:\Windows\Fonts\vrindab.ttf
21/9/2020 - 10:46:14.715Open2088C:\malware.exeC:\Windows\Fonts\vrindab.ttf
21/9/2020 - 10:46:14.715Open2088C:\malware.exeC:\Windows\Fonts\vrindab.ttf
21/9/2020 - 10:46:14.809Open2088C:\malware.exeC:\Windows\Fonts\vrindab.ttf
21/9/2020 - 10:46:14.809Open2088C:\malware.exeC:\Windows\Fonts\Shonar.ttf
21/9/2020 - 10:46:14.809Open2088C:\malware.exeC:\Windows\Fonts\Shonar.ttf
21/9/2020 - 10:46:14.809Open2088C:\malware.exeC:\Windows\Fonts\Shonar.ttf
21/9/2020 - 10:46:14.903Open2088C:\malware.exeC:\Windows\Fonts\Shonar.ttf
21/9/2020 - 10:46:14.903Open2088C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
21/9/2020 - 10:46:14.903Open2088C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
21/9/2020 - 10:46:14.903Open2088C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
21/9/2020 - 10:46:15.43Open2088C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
21/9/2020 - 10:46:15.43Open2088C:\malware.exeC:\Windows\Fonts\msyi.ttf
21/9/2020 - 10:46:15.43Open2088C:\malware.exeC:\Windows\Fonts\msyi.ttf
21/9/2020 - 10:46:15.43Open2088C:\malware.exeC:\Windows\Fonts\msyi.ttf
21/9/2020 - 10:46:15.184Open2088C:\malware.exeC:\Windows\Fonts\msyi.ttf
21/9/2020 - 10:46:15.184Open2088C:\malware.exeC:\Windows\Fonts\tahoma.ttf
21/9/2020 - 10:46:15.184Open2088C:\malware.exeC:\Windows\Fonts\tahoma.ttf
21/9/2020 - 10:46:15.184Open2088C:\malware.exeC:\Windows\Fonts\tahoma.ttf
21/9/2020 - 10:46:15.231Open2088C:\malware.exeC:\Windows\Fonts\tahoma.ttf
21/9/2020 - 10:46:15.231Open2088C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
21/9/2020 - 10:46:15.231Open2088C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
21/9/2020 - 10:46:15.231Open2088C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
21/9/2020 - 10:46:15.278Open2088C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
21/9/2020 - 10:46:15.372Open2088C:\malware.exeC:\Windows\Fonts\micross.ttf
21/9/2020 - 10:46:15.372Open2088C:\malware.exeC:\Windows\Fonts\micross.ttf
21/9/2020 - 10:46:15.372Open2088C:\malware.exeC:\Windows\Fonts\micross.ttf
21/9/2020 - 10:46:15.372Open2088C:\malware.exeC:\Windows\Fonts\micross.ttf
21/9/2020 - 10:46:15.372Open2088C:\malware.exeC:\Windows\Fonts\angsa.ttf
21/9/2020 - 10:46:15.372Open2088C:\malware.exeC:\Windows\Fonts\angsa.ttf
21/9/2020 - 10:46:15.372Open2088C:\malware.exeC:\Windows\Fonts\angsa.ttf
21/9/2020 - 10:46:15.465Open2088C:\malware.exeC:\Windows\Fonts\angsa.ttf
21/9/2020 - 10:46:15.465Open2088C:\malware.exeC:\Windows\Fonts\angsai.ttf
21/9/2020 - 10:46:15.465Open2088C:\malware.exeC:\Windows\Fonts\angsai.ttf
21/9/2020 - 10:46:15.465Open2088C:\malware.exeC:\Windows\Fonts\angsai.ttf
21/9/2020 - 10:46:15.559Open2088C:\malware.exeC:\Windows\Fonts\angsai.ttf
21/9/2020 - 10:46:15.559Open2088C:\malware.exeC:\Windows\Fonts\angsab.ttf
21/9/2020 - 10:46:15.559Open2088C:\malware.exeC:\Windows\Fonts\angsab.ttf
21/9/2020 - 10:46:15.559Open2088C:\malware.exeC:\Windows\Fonts\angsab.ttf
21/9/2020 - 10:46:15.653Open2088C:\malware.exeC:\Windows\Fonts\angsab.ttf
21/9/2020 - 10:46:15.653Open2088C:\malware.exeC:\Windows\Fonts\angsaz.ttf
21/9/2020 - 10:46:15.653Open2088C:\malware.exeC:\Windows\Fonts\angsaz.ttf
21/9/2020 - 10:46:15.653Open2088C:\malware.exeC:\Windows\Fonts\angsaz.ttf
21/9/2020 - 10:46:15.747Open2088C:\malware.exeC:\Windows\Fonts\angsaz.ttf
21/9/2020 - 10:46:15.747Open2088C:\malware.exeC:\Windows\Fonts\aparaj.ttf
21/9/2020 - 10:46:15.747Open2088C:\malware.exeC:\Windows\Fonts\aparaj.ttf
21/9/2020 - 10:46:15.747Open2088C:\malware.exeC:\Windows\Fonts\aparaj.ttf
21/9/2020 - 10:46:15.840Open2088C:\malware.exeC:\Windows\Fonts\aparaj.ttf
21/9/2020 - 10:46:15.840Open2088C:\malware.exeC:\Windows\Fonts\aparajb.ttf
21/9/2020 - 10:46:15.840Open2088C:\malware.exeC:\Windows\Fonts\aparajb.ttf
21/9/2020 - 10:46:15.840Open2088C:\malware.exeC:\Windows\Fonts\aparajb.ttf
21/9/2020 - 10:46:15.934Open2088C:\malware.exeC:\Windows\Fonts\aparajb.ttf
21/9/2020 - 10:46:15.934Open2088C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
21/9/2020 - 10:46:15.934Open2088C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
21/9/2020 - 10:46:15.934Open2088C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
21/9/2020 - 10:46:16.28Open2088C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
21/9/2020 - 10:46:16.28Open2088C:\malware.exeC:\Windows\Fonts\aparaji.ttf
21/9/2020 - 10:46:16.28Open2088C:\malware.exeC:\Windows\Fonts\aparaji.ttf
21/9/2020 - 10:46:16.28Open2088C:\malware.exeC:\Windows\Fonts\aparaji.ttf
21/9/2020 - 10:46:16.122Open2088C:\malware.exeC:\Windows\Fonts\aparaji.ttf
21/9/2020 - 10:46:16.122Open2088C:\malware.exeC:\Windows\Fonts\cordia.ttf
21/9/2020 - 10:46:16.122Open2088C:\malware.exeC:\Windows\Fonts\cordia.ttf
21/9/2020 - 10:46:16.122Open2088C:\malware.exeC:\Windows\Fonts\cordia.ttf
21/9/2020 - 10:46:16.215Open2088C:\malware.exeC:\Windows\Fonts\cordia.ttf
21/9/2020 - 10:46:16.215Open2088C:\malware.exeC:\Windows\Fonts\cordiai.ttf
21/9/2020 - 10:46:16.215Open2088C:\malware.exeC:\Windows\Fonts\cordiai.ttf
21/9/2020 - 10:46:16.215Open2088C:\malware.exeC:\Windows\Fonts\cordiai.ttf
21/9/2020 - 10:46:16.309Open2088C:\malware.exeC:\Windows\Fonts\cordiai.ttf
21/9/2020 - 10:46:16.309Open2088C:\malware.exeC:\Windows\Fonts\cordiab.ttf
21/9/2020 - 10:46:16.309Open2088C:\malware.exeC:\Windows\Fonts\cordiab.ttf
21/9/2020 - 10:46:16.309Open2088C:\malware.exeC:\Windows\Fonts\cordiab.ttf
21/9/2020 - 10:46:16.403Open2088C:\malware.exeC:\Windows\Fonts\cordiab.ttf
21/9/2020 - 10:46:16.403Open2088C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
21/9/2020 - 10:46:16.403Open2088C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
21/9/2020 - 10:46:16.403Open2088C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
21/9/2020 - 10:46:16.497Open2088C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
21/9/2020 - 10:46:16.497Open2088C:\malware.exeC:\Windows\Fonts\ebrima.ttf
21/9/2020 - 10:46:16.497Open2088C:\malware.exeC:\Windows\Fonts\ebrima.ttf
21/9/2020 - 10:46:16.497Open2088C:\malware.exeC:\Windows\Fonts\ebrima.ttf
21/9/2020 - 10:46:16.637Open2088C:\malware.exeC:\Windows\Fonts\ebrima.ttf
21/9/2020 - 10:46:16.684Open2088C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
21/9/2020 - 10:46:16.684Open2088C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
21/9/2020 - 10:46:16.684Open2088C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
21/9/2020 - 10:46:16.825Open2088C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
21/9/2020 - 10:46:16.872Open2088C:\malware.exeC:\Windows\Fonts\gisha.ttf
21/9/2020 - 10:46:16.872Open2088C:\malware.exeC:\Windows\Fonts\gisha.ttf
21/9/2020 - 10:46:16.872Open2088C:\malware.exeC:\Windows\Fonts\gisha.ttf
21/9/2020 - 10:46:16.965Open2088C:\malware.exeC:\Windows\Fonts\gisha.ttf
21/9/2020 - 10:46:16.965Open2088C:\malware.exeC:\Windows\Fonts\gishabd.ttf
21/9/2020 - 10:46:16.965Open2088C:\malware.exeC:\Windows\Fonts\gishabd.ttf
21/9/2020 - 10:46:16.965Open2088C:\malware.exeC:\Windows\Fonts\gishabd.ttf
21/9/2020 - 10:46:17.59Open2088C:\malware.exeC:\Windows\Fonts\gishabd.ttf
21/9/2020 - 10:46:17.59Open2088C:\malware.exeC:\Windows\Fonts\kokila.ttf
21/9/2020 - 10:46:17.59Open2088C:\malware.exeC:\Windows\Fonts\kokila.ttf
21/9/2020 - 10:46:17.59Open2088C:\malware.exeC:\Windows\Fonts\kokila.ttf
21/9/2020 - 10:46:17.153Open2088C:\malware.exeC:\Windows\Fonts\kokila.ttf
21/9/2020 - 10:46:17.153Open2088C:\malware.exeC:\Windows\Fonts\kokilab.ttf
21/9/2020 - 10:46:17.153Open2088C:\malware.exeC:\Windows\Fonts\kokilab.ttf
21/9/2020 - 10:46:17.153Open2088C:\malware.exeC:\Windows\Fonts\kokilab.ttf
21/9/2020 - 10:46:17.247Open2088C:\malware.exeC:\Windows\Fonts\kokilab.ttf
21/9/2020 - 10:46:17.247Open2088C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
21/9/2020 - 10:46:17.247Open2088C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
21/9/2020 - 10:46:17.247Open2088C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
21/9/2020 - 10:46:17.340Open2088C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
21/9/2020 - 10:46:17.340Open2088C:\malware.exeC:\Windows\Fonts\kokilai.ttf
21/9/2020 - 10:46:17.340Open2088C:\malware.exeC:\Windows\Fonts\kokilai.ttf
21/9/2020 - 10:46:17.340Open2088C:\malware.exeC:\Windows\Fonts\kokilai.ttf
21/9/2020 - 10:46:17.434Open2088C:\malware.exeC:\Windows\Fonts\kokilai.ttf
21/9/2020 - 10:46:17.434Open2088C:\malware.exeC:\Windows\Fonts\leelawad.ttf
21/9/2020 - 10:46:17.434Open2088C:\malware.exeC:\Windows\Fonts\leelawad.ttf
21/9/2020 - 10:46:17.434Open2088C:\malware.exeC:\Windows\Fonts\leelawad.ttf
21/9/2020 - 10:46:17.528Open2088C:\malware.exeC:\Windows\Fonts\leelawad.ttf
21/9/2020 - 10:46:17.528Open2088C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
21/9/2020 - 10:46:17.528Open2088C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
21/9/2020 - 10:46:17.528Open2088C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
21/9/2020 - 10:46:17.622Open2088C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
21/9/2020 - 10:46:17.622Open2088C:\malware.exeC:\Windows\Fonts\msuighur.ttf
21/9/2020 - 10:46:17.622Open2088C:\malware.exeC:\Windows\Fonts\msuighur.ttf
21/9/2020 - 10:46:17.622Open2088C:\malware.exeC:\Windows\Fonts\msuighur.ttf
21/9/2020 - 10:46:17.762Open2088C:\malware.exeC:\Windows\Fonts\msuighur.ttf
21/9/2020 - 10:46:17.809Open2088C:\malware.exeC:\Windows\Fonts\moolbor.ttf
21/9/2020 - 10:46:17.809Open2088C:\malware.exeC:\Windows\Fonts\moolbor.ttf
21/9/2020 - 10:46:17.809Open2088C:\malware.exeC:\Windows\Fonts\moolbor.ttf
21/9/2020 - 10:46:17.903Open2088C:\malware.exeC:\Windows\Fonts\moolbor.ttf
21/9/2020 - 10:46:17.903Open2088C:\malware.exeC:\Windows\Fonts\symbol.ttf
21/9/2020 - 10:46:17.903Open2088C:\malware.exeC:\Windows\Fonts\symbol.ttf
21/9/2020 - 10:46:17.903Open2088C:\malware.exeC:\Windows\Fonts\symbol.ttf
21/9/2020 - 10:46:17.903Open2088C:\malware.exeC:\Windows\Fonts\symbol.ttf
21/9/2020 - 10:46:17.903Open2088C:\malware.exeC:\Windows\Fonts\utsaah.ttf
21/9/2020 - 10:46:17.903Open2088C:\malware.exeC:\Windows\Fonts\utsaah.ttf
21/9/2020 - 10:46:17.903Open2088C:\malware.exeC:\Windows\Fonts\utsaah.ttf
21/9/2020 - 10:46:17.997Open2088C:\malware.exeC:\Windows\Fonts\utsaah.ttf
21/9/2020 - 10:46:17.997Open2088C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
21/9/2020 - 10:46:17.997Open2088C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
21/9/2020 - 10:46:17.997Open2088C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
21/9/2020 - 10:46:18.90Open2088C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
21/9/2020 - 10:46:18.90Open2088C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
21/9/2020 - 10:46:18.90Open2088C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
21/9/2020 - 10:46:18.90Open2088C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
21/9/2020 - 10:46:18.184Open2088C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
21/9/2020 - 10:46:18.184Open2088C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
21/9/2020 - 10:46:18.184Open2088C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
21/9/2020 - 10:46:18.184Open2088C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
21/9/2020 - 10:46:18.278Open2088C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
21/9/2020 - 10:46:18.278Open2088C:\malware.exeC:\Windows\Fonts\vijaya.ttf
21/9/2020 - 10:46:18.278Open2088C:\malware.exeC:\Windows\Fonts\vijaya.ttf
21/9/2020 - 10:46:18.278Open2088C:\malware.exeC:\Windows\Fonts\vijaya.ttf
21/9/2020 - 10:46:18.372Open2088C:\malware.exeC:\Windows\Fonts\vijaya.ttf
21/9/2020 - 10:46:18.372Open2088C:\malware.exeC:\Windows\Fonts\vijayab.ttf
21/9/2020 - 10:46:18.372Open2088C:\malware.exeC:\Windows\Fonts\vijayab.ttf
21/9/2020 - 10:46:18.372Open2088C:\malware.exeC:\Windows\Fonts\vijayab.ttf
21/9/2020 - 10:46:18.465Open2088C:\malware.exeC:\Windows\Fonts\vijayab.ttf
21/9/2020 - 10:46:18.465Open2088C:\malware.exeC:\Windows\Fonts\wingding.ttf
21/9/2020 - 10:46:18.465Open2088C:\malware.exeC:\Windows\Fonts\wingding.ttf
21/9/2020 - 10:46:18.465Open2088C:\malware.exeC:\Windows\Fonts\wingding.ttf
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\wingding.ttf
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\modern.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\modern.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\modern.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\roman.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\roman.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\roman.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\script.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\script.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\script.fon
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\andlso.ttf
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\andlso.ttf
21/9/2020 - 10:46:18.559Open2088C:\malware.exeC:\Windows\Fonts\andlso.ttf
21/9/2020 - 10:46:18.653Open2088C:\malware.exeC:\Windows\Fonts\andlso.ttf
21/9/2020 - 10:46:18.653Open2088C:\malware.exeC:\Windows\Fonts\arabtype.ttf
21/9/2020 - 10:46:18.653Open2088C:\malware.exeC:\Windows\Fonts\arabtype.ttf
21/9/2020 - 10:46:18.653Open2088C:\malware.exeC:\Windows\Fonts\arabtype.ttf
21/9/2020 - 10:46:18.793Open2088C:\malware.exeC:\Windows\Fonts\arabtype.ttf
21/9/2020 - 10:46:18.981Open2088C:\malware.exeC:\Windows\Fonts\simpo.ttf
21/9/2020 - 10:46:18.981Open2088C:\malware.exeC:\Windows\Fonts\simpo.ttf
21/9/2020 - 10:46:18.981Open2088C:\malware.exeC:\Windows\Fonts\simpo.ttf
21/9/2020 - 10:46:19.75Open2088C:\malware.exeC:\Windows\Fonts\simpo.ttf
21/9/2020 - 10:46:19.75Open2088C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
21/9/2020 - 10:46:19.75Open2088C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
21/9/2020 - 10:46:19.75Open2088C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
21/9/2020 - 10:46:19.168Open2088C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
21/9/2020 - 10:46:19.168Open2088C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
21/9/2020 - 10:46:19.168Open2088C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
21/9/2020 - 10:46:19.168Open2088C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
21/9/2020 - 10:46:19.262Open2088C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
21/9/2020 - 10:46:19.262Open2088C:\malware.exeC:\Windows\Fonts\majalla.ttf
21/9/2020 - 10:46:19.262Open2088C:\malware.exeC:\Windows\Fonts\majalla.ttf
21/9/2020 - 10:46:19.262Open2088C:\malware.exeC:\Windows\Fonts\majalla.ttf
21/9/2020 - 10:46:19.403Open2088C:\malware.exeC:\Windows\Fonts\majalla.ttf
21/9/2020 - 10:46:19.543Open2088C:\malware.exeC:\Windows\Fonts\majallab.ttf
21/9/2020 - 10:46:19.543Open2088C:\malware.exeC:\Windows\Fonts\majallab.ttf
21/9/2020 - 10:46:19.543Open2088C:\malware.exeC:\Windows\Fonts\majallab.ttf
21/9/2020 - 10:46:19.637Open2088C:\malware.exeC:\Windows\Fonts\majallab.ttf
21/9/2020 - 10:46:19.778Open2088C:\malware.exeC:\Windows\Fonts\trado.ttf
21/9/2020 - 10:46:19.778Open2088C:\malware.exeC:\Windows\Fonts\trado.ttf
21/9/2020 - 10:46:19.778Open2088C:\malware.exeC:\Windows\Fonts\trado.ttf
21/9/2020 - 10:46:19.872Open2088C:\malware.exeC:\Windows\Fonts\trado.ttf
21/9/2020 - 10:46:19.872Open2088C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
21/9/2020 - 10:46:19.872Open2088C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
21/9/2020 - 10:46:19.872Open2088C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
21/9/2020 - 10:46:19.965Open2088C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
21/9/2020 - 10:46:19.965Open2088C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
21/9/2020 - 10:46:19.965Open2088C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
21/9/2020 - 10:46:19.965Open2088C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
21/9/2020 - 10:46:20.59Open2088C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
21/9/2020 - 10:46:20.59Open2088C:\malware.exeC:\Windows\Fonts\david.ttf
21/9/2020 - 10:46:20.59Open2088C:\malware.exeC:\Windows\Fonts\david.ttf
21/9/2020 - 10:46:20.59Open2088C:\malware.exeC:\Windows\Fonts\david.ttf
21/9/2020 - 10:46:20.153Open2088C:\malware.exeC:\Windows\Fonts\david.ttf
21/9/2020 - 10:46:20.153Open2088C:\malware.exeC:\Windows\Fonts\davidbd.ttf
21/9/2020 - 10:46:20.153Open2088C:\malware.exeC:\Windows\Fonts\davidbd.ttf
21/9/2020 - 10:46:20.153Open2088C:\malware.exeC:\Windows\Fonts\davidbd.ttf
21/9/2020 - 10:46:20.247Open2088C:\malware.exeC:\Windows\Fonts\davidbd.ttf
21/9/2020 - 10:46:20.247Open2088C:\malware.exeC:\Windows\Fonts\frank.ttf
21/9/2020 - 10:46:20.247Open2088C:\malware.exeC:\Windows\Fonts\frank.ttf
21/9/2020 - 10:46:20.247Open2088C:\malware.exeC:\Windows\Fonts\frank.ttf
21/9/2020 - 10:46:20.340Open2088C:\malware.exeC:\Windows\Fonts\frank.ttf
21/9/2020 - 10:46:20.340Open2088C:\malware.exeC:\Windows\Fonts\lvnm.ttf
21/9/2020 - 10:46:20.340Open2088C:\malware.exeC:\Windows\Fonts\lvnm.ttf
21/9/2020 - 10:46:20.340Open2088C:\malware.exeC:\Windows\Fonts\lvnm.ttf
21/9/2020 - 10:46:20.434Open2088C:\malware.exeC:\Windows\Fonts\lvnm.ttf
21/9/2020 - 10:46:20.434Open2088C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
21/9/2020 - 10:46:20.434Open2088C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
21/9/2020 - 10:46:20.434Open2088C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
21/9/2020 - 10:46:20.528Open2088C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
21/9/2020 - 10:46:20.528Open2088C:\malware.exeC:\Windows\Fonts\mriam.ttf
21/9/2020 - 10:46:20.528Open2088C:\malware.exeC:\Windows\Fonts\mriam.ttf
21/9/2020 - 10:46:20.528Open2088C:\malware.exeC:\Windows\Fonts\mriam.ttf
21/9/2020 - 10:46:20.622Open2088C:\malware.exeC:\Windows\Fonts\mriam.ttf
21/9/2020 - 10:46:20.622Open2088C:\malware.exeC:\Windows\Fonts\mriamc.ttf
21/9/2020 - 10:46:20.622Open2088C:\malware.exeC:\Windows\Fonts\mriamc.ttf
21/9/2020 - 10:46:20.622Open2088C:\malware.exeC:\Windows\Fonts\mriamc.ttf
21/9/2020 - 10:46:20.715Open2088C:\malware.exeC:\Windows\Fonts\mriamc.ttf
21/9/2020 - 10:46:20.715Open2088C:\malware.exeC:\Windows\Fonts\nrkis.ttf
21/9/2020 - 10:46:20.715Open2088C:\malware.exeC:\Windows\Fonts\nrkis.ttf
21/9/2020 - 10:46:20.715Open2088C:\malware.exeC:\Windows\Fonts\nrkis.ttf
21/9/2020 - 10:46:20.809Open2088C:\malware.exeC:\Windows\Fonts\nrkis.ttf
21/9/2020 - 10:46:20.809Open2088C:\malware.exeC:\Windows\Fonts\rod.ttf
21/9/2020 - 10:46:20.809Open2088C:\malware.exeC:\Windows\Fonts\rod.ttf
21/9/2020 - 10:46:20.809Open2088C:\malware.exeC:\Windows\Fonts\rod.ttf
21/9/2020 - 10:46:20.903Open2088C:\malware.exeC:\Windows\Fonts\rod.ttf
21/9/2020 - 10:46:20.903Open2088C:\malware.exeC:\Windows\Fonts\simfang.ttf
21/9/2020 - 10:46:20.903Open2088C:\malware.exeC:\Windows\Fonts\simfang.ttf
21/9/2020 - 10:46:20.903Open2088C:\malware.exeC:\Windows\Fonts\simfang.ttf
21/9/2020 - 10:46:21.184Open2088C:\malware.exeC:\Windows\Fonts\simfang.ttf
21/9/2020 - 10:46:21.278Open2088C:\malware.exeC:\Windows\Fonts\simhei.ttf
21/9/2020 - 10:46:21.278Open2088C:\malware.exeC:\Windows\Fonts\simhei.ttf
21/9/2020 - 10:46:21.278Open2088C:\malware.exeC:\Windows\Fonts\simhei.ttf
21/9/2020 - 10:46:21.559Open2088C:\malware.exeC:\Windows\Fonts\simhei.ttf
21/9/2020 - 10:46:21.653Open2088C:\malware.exeC:\Windows\Fonts\simkai.ttf
21/9/2020 - 10:46:21.653Open2088C:\malware.exeC:\Windows\Fonts\simkai.ttf
21/9/2020 - 10:46:21.653Open2088C:\malware.exeC:\Windows\Fonts\simkai.ttf
21/9/2020 - 10:46:21.934Open2088C:\malware.exeC:\Windows\Fonts\simkai.ttf
21/9/2020 - 10:46:22.28Open2088C:\malware.exeC:\Windows\Fonts\angsau.ttf
21/9/2020 - 10:46:22.28Open2088C:\malware.exeC:\Windows\Fonts\angsau.ttf
21/9/2020 - 10:46:22.28Open2088C:\malware.exeC:\Windows\Fonts\angsau.ttf
21/9/2020 - 10:46:22.122Open2088C:\malware.exeC:\Windows\Fonts\angsau.ttf
21/9/2020 - 10:46:22.122Open2088C:\malware.exeC:\Windows\Fonts\angsaui.ttf
21/9/2020 - 10:46:22.122Open2088C:\malware.exeC:\Windows\Fonts\angsaui.ttf
21/9/2020 - 10:46:22.122Open2088C:\malware.exeC:\Windows\Fonts\angsaui.ttf
21/9/2020 - 10:46:22.215Open2088C:\malware.exeC:\Windows\Fonts\angsaui.ttf
21/9/2020 - 10:46:22.215Open2088C:\malware.exeC:\Windows\Fonts\angsaub.ttf
21/9/2020 - 10:46:22.215Open2088C:\malware.exeC:\Windows\Fonts\angsaub.ttf
21/9/2020 - 10:46:22.215Open2088C:\malware.exeC:\Windows\Fonts\angsaub.ttf
21/9/2020 - 10:46:22.309Open2088C:\malware.exeC:\Windows\Fonts\angsaub.ttf
21/9/2020 - 10:46:22.309Open2088C:\malware.exeC:\Windows\Fonts\angsauz.ttf
21/9/2020 - 10:46:22.309Open2088C:\malware.exeC:\Windows\Fonts\angsauz.ttf
21/9/2020 - 10:46:22.309Open2088C:\malware.exeC:\Windows\Fonts\angsauz.ttf
21/9/2020 - 10:46:22.403Open2088C:\malware.exeC:\Windows\Fonts\angsauz.ttf
21/9/2020 - 10:46:22.403Open2088C:\malware.exeC:\Windows\Fonts\browa.ttf
21/9/2020 - 10:46:22.403Open2088C:\malware.exeC:\Windows\Fonts\browa.ttf
21/9/2020 - 10:46:22.403Open2088C:\malware.exeC:\Windows\Fonts\browa.ttf
21/9/2020 - 10:46:22.497Open2088C:\malware.exeC:\Windows\Fonts\browa.ttf
21/9/2020 - 10:46:22.497Open2088C:\malware.exeC:\Windows\Fonts\browai.ttf
21/9/2020 - 10:46:22.497Open2088C:\malware.exeC:\Windows\Fonts\browai.ttf
21/9/2020 - 10:46:22.497Open2088C:\malware.exeC:\Windows\Fonts\browai.ttf
21/9/2020 - 10:46:22.590Open2088C:\malware.exeC:\Windows\Fonts\browai.ttf
21/9/2020 - 10:46:22.590Open2088C:\malware.exeC:\Windows\Fonts\browab.ttf
21/9/2020 - 10:46:22.590Open2088C:\malware.exeC:\Windows\Fonts\browab.ttf
21/9/2020 - 10:46:22.590Open2088C:\malware.exeC:\Windows\Fonts\browab.ttf
21/9/2020 - 10:46:22.684Open2088C:\malware.exeC:\Windows\Fonts\browab.ttf
21/9/2020 - 10:46:22.684Open2088C:\malware.exeC:\Windows\Fonts\browaz.ttf
21/9/2020 - 10:46:22.684Open2088C:\malware.exeC:\Windows\Fonts\browaz.ttf
21/9/2020 - 10:46:22.684Open2088C:\malware.exeC:\Windows\Fonts\browaz.ttf
21/9/2020 - 10:46:22.778Open2088C:\malware.exeC:\Windows\Fonts\browaz.ttf
21/9/2020 - 10:46:22.778Open2088C:\malware.exeC:\Windows\Fonts\browau.ttf
21/9/2020 - 10:46:22.778Open2088C:\malware.exeC:\Windows\Fonts\browau.ttf
21/9/2020 - 10:46:22.778Open2088C:\malware.exeC:\Windows\Fonts\browau.ttf
21/9/2020 - 10:46:22.872Open2088C:\malware.exeC:\Windows\Fonts\browau.ttf
21/9/2020 - 10:46:22.872Open2088C:\malware.exeC:\Windows\Fonts\browaui.ttf
21/9/2020 - 10:46:22.872Open2088C:\malware.exeC:\Windows\Fonts\browaui.ttf
21/9/2020 - 10:46:22.872Open2088C:\malware.exeC:\Windows\Fonts\browaui.ttf
21/9/2020 - 10:46:22.965Open2088C:\malware.exeC:\Windows\Fonts\browaui.ttf
21/9/2020 - 10:46:22.965Open2088C:\malware.exeC:\Windows\Fonts\browaub.ttf
21/9/2020 - 10:46:22.965Open2088C:\malware.exeC:\Windows\Fonts\browaub.ttf
21/9/2020 - 10:46:22.965Open2088C:\malware.exeC:\Windows\Fonts\browaub.ttf
21/9/2020 - 10:46:23.59Open2088C:\malware.exeC:\Windows\Fonts\browaub.ttf
21/9/2020 - 10:46:23.59Open2088C:\malware.exeC:\Windows\Fonts\browauz.ttf
21/9/2020 - 10:46:23.59Open2088C:\malware.exeC:\Windows\Fonts\browauz.ttf
21/9/2020 - 10:46:23.59Open2088C:\malware.exeC:\Windows\Fonts\browauz.ttf
21/9/2020 - 10:46:23.153Open2088C:\malware.exeC:\Windows\Fonts\browauz.ttf
21/9/2020 - 10:46:23.153Open2088C:\malware.exeC:\Windows\Fonts\cordiau.ttf
21/9/2020 - 10:46:23.153Open2088C:\malware.exeC:\Windows\Fonts\cordiau.ttf
21/9/2020 - 10:46:23.153Open2088C:\malware.exeC:\Windows\Fonts\cordiau.ttf
21/9/2020 - 10:46:39.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:39.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:39.403Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:39.450Unknown2088C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:46:39.450Open2088C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
21/9/2020 - 10:46:39.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:39.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:39.684Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:39.731Open2088C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
21/9/2020 - 10:46:39.778Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:39.825Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:39.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:39.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:39.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:40.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:40.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:40.153Open2088C:\malware.exeC:\Windows\Globalization\en-us.nlp
21/9/2020 - 10:46:40.153Open2088C:\malware.exeC:\malware.config
21/9/2020 - 10:46:40.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:40.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:40.247Open2088C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 10:46:40.293Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 10:46:40.293Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 10:46:40.293Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.387Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.387Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.387Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.434Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.481Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.528Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.575Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.622Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 10:46:40.622Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 10:46:40.622Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.622Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.622Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.622Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.622Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.622Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.622Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.668Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.715Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:40.762Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:40.809Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:40.856Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:40.903Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:40.950Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:40.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.43Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.90Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.137Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.184Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:41.278Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.325Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.512Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:41.559Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.606Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.653Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:41.700Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:41.747Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:41.793Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:41.840Open2088C:\malware.exeC:\WindowsCodecs.dll
21/9/2020 - 10:46:41.840Open2088C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
21/9/2020 - 10:46:41.840Unknown2088C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
21/9/2020 - 10:46:41.840Open2088C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dll
21/9/2020 - 10:46:41.840Unknown2088C:\malware.exeC:\Windows\SysWOW64\WindowsCodecs.dllWindowsCodecs.dll
21/9/2020 - 10:46:41.840Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:41.887Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:41.934Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:41.981Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
21/9/2020 - 10:46:42.28Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.75Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:42.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.262Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.403Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.497Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.543Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.684Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.731Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.778Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.825Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:42.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:43.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:43.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:43.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.247Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.387Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.434Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.481Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.575Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.668Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.715Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.809Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.856Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.903Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:43.950Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.43Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.90Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.184Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.278Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.325Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.372Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.418Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.465Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.512Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.559Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.606Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.653Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.700Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:44.747Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:44.793Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.840Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.887Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.934Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:44.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.28Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.75Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.122Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.262Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.497Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.684Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.731Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.778Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.825Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:45.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:46.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:46.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:46.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:46.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:46.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:46.247Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:46.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:46.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:46.387Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:46.434Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:46.481Open2088C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:46.481Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:46.622Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Users\Default
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Users\Default\AppData
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Users\Default\AppData\Roaming
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData\Roaming
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData\Roaming
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Users\Default\AppData\Roaming\Microsoft
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData\Roaming\Microsoft
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData\Roaming\Microsoft
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Users\Default\AppData\Roaming\Microsoft\Windows
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
21/9/2020 - 10:46:52.122Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\Fonts
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Fonts
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Fonts
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\Globalization
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Globalization
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Globalization
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\Globalization\Sorting
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Globalization\Sorting
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Globalization\Sorting
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\Microsoft.NET
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Microsoft.NET
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Microsoft.NET
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\System32
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\System32
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\System32
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\System32\pt-BR
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\System32\pt-BR
21/9/2020 - 10:46:52.122Unknown1528C:\malware.exeC:\Windows\System32\pt-BR
21/9/2020 - 10:46:52.122Open1528C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\Temp
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\Temp
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\Temp
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\Temp
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\ntdll.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\ntdll.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\wow64.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\wow64.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\wow64win.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\wow64win.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\wow64cpu.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\wow64cpu.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\kernel32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\kernel32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\user32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\user32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\apisetschema.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\locale.nls
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\locale.nls
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\malware.exe
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\malware.exe
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\sechost.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\sechost.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\user32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\user32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\lpk.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\lpk.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\usp10.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\usp10.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\msctf.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\msctf.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\pt-BR\mctres.dll.mui
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\pt-BR\mctres.dll.muimctres.dll.mui
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\NlsLexicons0416.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\NlsLexicons0416.dllNlsLexicons0416.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\shell32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\shell32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\ole32.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\ole32.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\profapi.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\profapi.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UAFCZPL6.TXT
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\Z2FRITE9.TXT
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[5].XML
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[4].XML
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\DFST16R9.TXT
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\System32\mctres.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\System32\mctres.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\SysWOW64\tzres.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\tzres.dll
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\Temp
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.url
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\Fonts\marlett.ttf
21/9/2020 - 10:46:52.137Unknown1528C:\malware.exeC:\Windows\Fonts\marlett.ttf
21/9/2020 - 10:46:52.137Open1528C:\malware.exeC:\Windows\Fonts\arial.ttf
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\arial.ttf
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\CCQRJZ70.TXT
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\Fonts\arialbd.ttf
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\arialbd.ttf
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\PV4CHTIY.TXT
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\Fonts\batang.ttc
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\batang.ttc
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[5].XML
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[6].XML
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\cm[1]
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\cm[1]cm[1]
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\KKO6BXU4.TXT
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\Fonts\courbi.ttf
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\courbi.ttf
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\System32\pt-BR\mctres.dll.muimctres.dll.mui
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\SysWOW64\NlsLexicons0416.dllNlsLexicons0416.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\System32\mctres.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\MSN Brasil.urlMSN Brasil.url
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\System32\locale.nls
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\tzres.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\marlett.ttf
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\arial.ttf
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\arialbd.ttf
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\batang.ttc
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Fonts\courbi.ttf
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\UAFCZPL6.TXT
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[5].XML
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[4].XML
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\DFST16R9.TXT
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\Temp
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\Temp\TMP000000A2AF46498673C01EB8
21/9/2020 - 10:46:52.153Read1528C:\malware.exeC:\Windows\System32\pt-BR\mctres.dll.muimctres.dll.mui
21/9/2020 - 10:46:52.153Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\System32\ntdll.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\System32\wow64.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\System32\wow64win.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\System32\wow64cpu.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\System32\kernel32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\System32\user32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\malware.exe
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\sechost.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\user32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\lpk.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\usp10.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\msctf.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\shell32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\ole32.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\profapi.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\cm[1]cm[1]
21/9/2020 - 10:46:52.153Unknown1528C:\malware.exe\Device\HarddiskVolume2
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\System32\wow64.dll
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\System32\wow64.dll
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\System32\wow64win.dll
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\System32\wow64win.dll
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\System32\wow64cpu.dll
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\System32\wow64cpu.dll
21/9/2020 - 10:46:52.153Open1528C:\malware.exeC:\Windows\System32\wow64log.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows
21/9/2020 - 10:46:52.168Unknown1528C:\malware.exeC:\Windows
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Monitor
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
21/9/2020 - 10:46:52.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:52.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\sechost.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\sechost.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
21/9/2020 - 10:46:52.168Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
21/9/2020 - 10:46:52.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:46:52.168Open1528C:\malware.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:46:52.231Open1528C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 10:46:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.231Open2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2088.1118281
21/9/2020 - 10:46:52.231Open2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2088.1118281
21/9/2020 - 10:46:52.231Open2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2088.1118343
21/9/2020 - 10:46:52.293Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/9/2020 - 10:46:52.293Unknown1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
21/9/2020 - 10:46:52.293Open1528C:\malware.exeC:\malware.config
21/9/2020 - 10:46:52.293Open1528C:\malware.exeC:\malware.exe
21/9/2020 - 10:46:52.293Unknown1528C:\malware.exeC:\malware.exe
21/9/2020 - 10:46:52.293Open1528C:\malware.exeC:\Monitor\Malware
21/9/2020 - 10:46:52.293Unknown1528C:\malware.exeC:\Monitor\Malware
21/9/2020 - 10:46:52.293Open1528C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
21/9/2020 - 10:46:52.293Open1528C:\malware.exeC:\malware.exe
21/9/2020 - 10:46:52.293Unknown1528C:\malware.exeC:\malware.exe
21/9/2020 - 10:46:52.309Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
21/9/2020 - 10:46:52.309Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
21/9/2020 - 10:46:52.309Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
21/9/2020 - 10:46:52.309Open1528C:\malware.exeC:\malware.exe.Local
21/9/2020 - 10:46:52.309Open1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:46:52.309Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:46:52.309Open1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\pubpol4.dat
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
21/9/2020 - 10:46:52.325Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.325Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.325Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.325Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.325Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:46:52.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:46:52.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:52.387Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:52.387Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.434Open2088C:\malware.exeC:\RpcRtRemote.dll
21/9/2020 - 10:46:52.434Open2088C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 10:46:52.434Unknown2088C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 10:46:52.434Open2088C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 10:46:52.434Unknown2088C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 10:46:52.434Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.481Read2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
21/9/2020 - 10:46:52.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.575Unknown2088C:\malware.exeC:\Windows
21/9/2020 - 10:46:52.575Unknown2088C:\malware.exeC:\Monitor
21/9/2020 - 10:46:52.575Unknown2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:46:52.575Unknown2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:46:52.575Unknown2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
21/9/2020 - 10:46:52.575Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.622Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.668Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Users\Behemot
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Users\Behemot
21/9/2020 - 10:46:52.715Unknown1528C:\malware.exeC:\Users\Behemot
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/9/2020 - 10:46:52.715Unknown1528C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Windows\Globalization\pt-br.nlp
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
21/9/2020 - 10:46:52.715Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
21/9/2020 - 10:46:52.715Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Read1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Unknown1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\bcrypt.dll
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
21/9/2020 - 10:46:52.715Open1528C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
21/9/2020 - 10:46:52.715Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:52.762Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.809Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.856Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.903Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.950Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:52.997Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:53.43Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:53.90Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:53.137Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:53.184Open1528C:\malware.exeC:\dwmapi.dll
21/9/2020 - 10:46:53.184Open1528C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
21/9/2020 - 10:46:53.184Open1528C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
21/9/2020 - 10:46:53.184Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.231Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.278Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:53.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:53.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\VERSION.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\SysWOW64\version.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\SysWOW64\version.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:53.325Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:46:53.372Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.418Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.465Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.512Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.559Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.606Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.653Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.700Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.747Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.793Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:53.840Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:53.887Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\CRYPTSP.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.28Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.43Open1528C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:46:54.43Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:54.43Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 10:46:54.43Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:54.137Open1528C:\malware.exeC:\RpcRtRemote.dll
21/9/2020 - 10:46:54.137Open1528C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 10:46:54.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 10:46:54.137Open1528C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 10:46:54.137Unknown1528C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 10:46:54.184Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
21/9/2020 - 10:46:54.184Unknown1528C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
21/9/2020 - 10:46:54.184Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
21/9/2020 - 10:46:54.387Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
21/9/2020 - 10:46:54.387Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
21/9/2020 - 10:46:54.856Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
21/9/2020 - 10:46:54.856Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
21/9/2020 - 10:46:54.856Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
21/9/2020 - 10:46:54.856Open1528C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
21/9/2020 - 10:46:54.856Open1528C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:55.231Open1528C:\malware.exeC:\SXS.DLL
21/9/2020 - 10:46:55.231Open1528C:\malware.exeC:\Windows\SysWOW64\sxs.dll
21/9/2020 - 10:46:55.231Open1528C:\malware.exeC:\Windows\SysWOW64\sxs.dll
21/9/2020 - 10:46:55.231Open1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.231Open1528C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:55.231Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:46:55.247Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.247Read1528C:\malware.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 10:46:55.247Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
21/9/2020 - 10:46:55.715Open1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:55.715Unknown1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 10:46:55.715Open1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
21/9/2020 - 10:46:55.715Unknown1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 10:46:55.715Open1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
21/9/2020 - 10:46:55.715Read1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 10:46:55.715Read1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 10:46:55.715Read1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 10:46:55.715Read1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 10:46:55.715Read1528C:\malware.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 10:47:29.997Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:47:29.997Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 10:47:29.997Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\netsh.exe.mui
21/9/2020 - 10:47:29.997Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\credui.dll
21/9/2020 - 10:47:30.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netsh.exe.Local
21/9/2020 - 10:47:30.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 10:47:30.12Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 10:47:30.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 10:47:30.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/9/2020 - 10:47:30.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/9/2020 - 10:47:30.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.Manifest
21/9/2020 - 10:47:30.12Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
21/9/2020 - 10:47:30.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
21/9/2020 - 10:47:30.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasmontr.dll
21/9/2020 - 10:47:30.153Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
21/9/2020 - 10:47:30.153Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mprapi.dll
21/9/2020 - 10:47:30.200Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
21/9/2020 - 10:47:30.200Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasapi32.dll
21/9/2020 - 10:47:30.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
21/9/2020 - 10:47:30.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rasman.dll
21/9/2020 - 10:47:30.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
21/9/2020 - 10:47:30.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
21/9/2020 - 10:47:30.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
21/9/2020 - 10:47:30.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mfc42u.dll
21/9/2020 - 10:47:30.809Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
21/9/2020 - 10:47:30.809Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbc32.dll
21/9/2020 - 10:47:31.231Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
21/9/2020 - 10:47:31.231Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
21/9/2020 - 10:47:31.231Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
21/9/2020 - 10:47:31.231Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winnsi.dll
21/9/2020 - 10:47:31.278Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
21/9/2020 - 10:47:31.278Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\odbcint.dll
21/9/2020 - 10:47:31.418Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL
21/9/2020 - 10:47:31.418Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\MFC42LOC.DLL.DLL
21/9/2020 - 10:47:31.418Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL
21/9/2020 - 10:47:31.418Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\System32\MFC42LOC.DLL.DLL
21/9/2020 - 10:47:31.465Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
21/9/2020 - 10:47:31.465Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshwfp.dll
21/9/2020 - 10:47:31.700Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
21/9/2020 - 10:47:31.700Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\slc.dll
21/9/2020 - 10:47:31.840Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
21/9/2020 - 10:47:31.887Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
21/9/2020 - 10:47:31.887Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dll
21/9/2020 - 10:47:31.887Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
21/9/2020 - 10:47:31.934Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
21/9/2020 - 10:47:31.981Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
21/9/2020 - 10:47:32.28Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
21/9/2020 - 10:47:32.28Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc.dll
21/9/2020 - 10:47:32.28Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc.dll
21/9/2020 - 10:47:32.28Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
21/9/2020 - 10:47:32.28Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
21/9/2020 - 10:47:32.28Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
21/9/2020 - 10:47:32.28Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
21/9/2020 - 10:47:32.28Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:32.28Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:32.262Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QUTIL.DLL
21/9/2020 - 10:47:32.262Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QUTIL.DLL
21/9/2020 - 10:47:32.262Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wevtapi.dll
21/9/2020 - 10:47:32.262Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wevtapi.dll
21/9/2020 - 10:47:32.262Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dhcpcmonitor.dlldhcpcmonitor.dll
21/9/2020 - 10:47:32.262Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wshelper.dll
21/9/2020 - 10:47:32.309Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wshelper.dll
21/9/2020 - 10:47:32.450Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ws2help.dll
21/9/2020 - 10:47:32.497Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ws2help.dll
21/9/2020 - 10:47:32.497Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mswsock.dll
21/9/2020 - 10:47:32.497Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\mswsock.dll
21/9/2020 - 10:47:32.497Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\Globalization\Sorting\SortDefault.nls
21/9/2020 - 10:47:32.497Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
21/9/2020 - 10:47:32.497Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshhttp.dll
21/9/2020 - 10:47:32.497Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshhttp.dll
21/9/2020 - 10:47:32.637Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\httpapi.dll
21/9/2020 - 10:47:32.637Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\httpapi.dll
21/9/2020 - 10:47:32.809Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\fwcfg.dll
21/9/2020 - 10:47:32.809Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\fwcfg.dll
21/9/2020 - 10:47:33.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dll
21/9/2020 - 10:47:33.12Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.12Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dll
21/9/2020 - 10:47:33.12Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.59Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.106Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.153Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.200Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.247Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.293Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\version.dll
21/9/2020 - 10:47:33.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\version.dll
21/9/2020 - 10:47:33.340Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\FirewallAPI.dllFirewallAPI.dll
21/9/2020 - 10:47:33.434Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dll
21/9/2020 - 10:47:33.481Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:33.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dll
21/9/2020 - 10:47:33.481Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:33.528Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:33.575Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:33.622Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:33.668Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:33.715Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:33.762Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:33.809Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcrypt.dll
21/9/2020 - 10:47:33.809Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcrypt.dll
21/9/2020 - 10:47:33.809Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winipsec.dll
21/9/2020 - 10:47:33.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winipsec.dll
21/9/2020 - 10:47:34.184Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:34.231Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:34.278Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:34.325Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:34.372Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\authfwcfg.dllauthfwcfg.dll
21/9/2020 - 10:47:34.418Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ifmon.dll
21/9/2020 - 10:47:34.465Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\ifmon.dll
21/9/2020 - 10:47:34.653Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nci.dll
21/9/2020 - 10:47:34.653Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nci.dll
21/9/2020 - 10:47:34.934Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\devrtl.dll
21/9/2020 - 10:47:34.934Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\devrtl.dll
21/9/2020 - 10:47:35.309Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netiohlp.dll
21/9/2020 - 10:47:35.356Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netiohlp.dll
21/9/2020 - 10:47:35.637Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
21/9/2020 - 10:47:35.637Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
21/9/2020 - 10:47:35.731Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\whhelper.dll
21/9/2020 - 10:47:35.731Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\whhelper.dll
21/9/2020 - 10:47:35.918Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winhttp.dll
21/9/2020 - 10:47:35.918Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\winhttp.dll
21/9/2020 - 10:47:35.918Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\webio.dll
21/9/2020 - 10:47:35.918Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\webio.dll
21/9/2020 - 10:47:35.965Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\hnetmon.dll
21/9/2020 - 10:47:35.965Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\hnetmon.dll
21/9/2020 - 10:47:36.153Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netshell.dll
21/9/2020 - 10:47:36.153Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netshell.dll
21/9/2020 - 10:47:36.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nlaapi.dll
21/9/2020 - 10:47:36.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nlaapi.dll
21/9/2020 - 10:47:36.622Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcnsh.dll
21/9/2020 - 10:47:36.668Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcnsh.dll
21/9/2020 - 10:47:36.903Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dot3cfg.dll
21/9/2020 - 10:47:36.903Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dot3cfg.dll
21/9/2020 - 10:47:37.184Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dot3api.dll
21/9/2020 - 10:47:37.184Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dot3api.dll
21/9/2020 - 10:47:37.465Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\atl.dll
21/9/2020 - 10:47:37.465Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\atl.dll
21/9/2020 - 10:47:37.465Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\eappcfg.dll
21/9/2020 - 10:47:37.465Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\eappcfg.dll
21/9/2020 - 10:47:37.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\onex.dll
21/9/2020 - 10:47:37.793Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\onex.dll
21/9/2020 - 10:47:38.75Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\eappprxy.dll
21/9/2020 - 10:47:38.75Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\eappprxy.dll
21/9/2020 - 10:47:38.543Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\NAPMONTR.DLL
21/9/2020 - 10:47:38.590Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\NAPMONTR.DLL
21/9/2020 - 10:47:38.872Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\certcli.dll
21/9/2020 - 10:47:38.918Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\certcli.dll
21/9/2020 - 10:47:39.434Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshipsec.dll
21/9/2020 - 10:47:39.434Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\nshipsec.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netapi32.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netapi32.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netutils.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\netutils.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\srvcli.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\srvcli.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wkscli.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wkscli.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\logoncli.dll
21/9/2020 - 10:47:39.747Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\logoncli.dll
21/9/2020 - 10:47:40.28Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\activeds.dll
21/9/2020 - 10:47:40.28Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\activeds.dll
21/9/2020 - 10:47:40.262Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\adsldpc.dll
21/9/2020 - 10:47:40.262Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\adsldpc.dll
21/9/2020 - 10:47:40.590Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\polstore.dll
21/9/2020 - 10:47:40.590Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\polstore.dll
21/9/2020 - 10:47:40.825Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\polstore.dll
21/9/2020 - 10:47:41.106Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pnetsh.dll
21/9/2020 - 10:47:41.106Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pnetsh.dll
21/9/2020 - 10:47:41.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\P2P.dll
21/9/2020 - 10:47:41.387Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\P2P.dll
21/9/2020 - 10:47:41.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\P2P.dll
21/9/2020 - 10:47:41.512Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dll
21/9/2020 - 10:47:41.512Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
21/9/2020 - 10:47:41.512Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dll
21/9/2020 - 10:47:41.543Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
21/9/2020 - 10:47:41.965Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlancfg.dll
21/9/2020 - 10:47:41.965Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlancfg.dll
21/9/2020 - 10:47:42.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanapi.dll
21/9/2020 - 10:47:42.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanapi.dll
21/9/2020 - 10:47:42.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanutil.dll
21/9/2020 - 10:47:42.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanutil.dll
21/9/2020 - 10:47:42.387Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanhlp.dll
21/9/2020 - 10:47:42.387Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\wlanhlp.dll
21/9/2020 - 10:47:42.387Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dll
21/9/2020 - 10:47:42.387Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.387Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dll
21/9/2020 - 10:47:42.387Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.434Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.481Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.528Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.528Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.575Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.622Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.622Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:42.668Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcss.dll
21/9/2020 - 10:47:42.668Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rpcss.dll
21/9/2020 - 10:47:42.668Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 10:47:42.668Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\uxtheme.dll
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\cryptsp.dll
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\cryptsp.dll
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dll
21/9/2020 - 10:47:42.856Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dll
21/9/2020 - 10:47:42.856Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\qagentrt.dll
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\dnsapi.dll
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QAGENT.DLL
21/9/2020 - 10:47:42.856Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\QAGENT.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\DHCPQEC.DLL
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.153Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.mui
21/9/2020 - 10:47:43.200Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.muinapipsec.dll.mui
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.mui
21/9/2020 - 10:47:43.247Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.muinapipsec.dll.mui
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.mui
21/9/2020 - 10:47:43.247Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.muinapipsec.dll.mui
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.mui
21/9/2020 - 10:47:43.247Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\napipsec.dll.muinapipsec.dll.mui
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\napipsec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.247Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\tsgqec.dll
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.340Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.434Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUI
21/9/2020 - 10:47:43.481Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUIEAPQEC.DLL.MUI
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUI
21/9/2020 - 10:47:43.481Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUIEAPQEC.DLL.MUI
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUI
21/9/2020 - 10:47:43.481Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUIEAPQEC.DLL.MUI
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUI
21/9/2020 - 10:47:43.481Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\EAPQEC.DLL.MUIEAPQEC.DLL.MUI
21/9/2020 - 10:47:43.481Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\EAPQEC.DLL
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\rsaenh.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 10:47:43.575Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 10:47:43.575Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 10:47:43.575Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 10:47:43.622Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\p2pnetsh.dll.mui
21/9/2020 - 10:47:43.668Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\p2pnetsh.dll.muip2pnetsh.dll.mui
21/9/2020 - 10:47:43.715Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\p2pnetsh.dll.muip2pnetsh.dll.mui
21/9/2020 - 10:47:43.762Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:43.809Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:43.856Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:43.903Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:43.950Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:43.997Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:44.43Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:44.90Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:44.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\gpapi.dll
21/9/2020 - 10:47:44.137Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\gpapi.dll
21/9/2020 - 10:47:44.231Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:44.278Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:44.278Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\PeerDistSh.dllPeerDistSh.dll
21/9/2020 - 10:47:44.325Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcryptprimitives.dll
21/9/2020 - 10:47:44.325Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
21/9/2020 - 10:47:44.325Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcryptprimitives.dll
21/9/2020 - 10:47:44.325Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
21/9/2020 - 10:47:44.418Open2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\wlancfg.dll.mui
21/9/2020 - 10:47:44.465Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\wlancfg.dll.muiwlancfg.dll.mui
21/9/2020 - 10:47:44.512Read2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\wlancfg.dll.muiwlancfg.dll.mui
21/9/2020 - 10:47:45.450Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows
21/9/2020 - 10:47:45.450Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Monitor
21/9/2020 - 10:47:45.450Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\SysWOW64\pt-BR\netsh.exe.muinetsh.exe.mui
21/9/2020 - 10:47:45.450Unknown2656C:\Windows\SysWOW64\netsh.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 10:47:45.450Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
21/9/2020 - 10:47:45.450Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
21/9/2020 - 10:47:45.450Open1528C:\malware.exeC:\Program Files (x86)
21/9/2020 - 10:47:45.450Unknown1528C:\malware.exeC:\Program Files (x86)
21/9/2020 - 10:47:45.450Open1528C:\malware.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
21/9/2020 - 10:47:45.450Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 10:47:45.450Open1528C:\malware.exeC:\cftp\Ftplist.txt
21/9/2020 - 10:47:45.465Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.465Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Trillian\users\global\accounts.dat
21/9/2020 - 10:47:45.465Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
21/9/2020 - 10:47:45.465Open1528C:\malware.exeC:\Program Files (x86)\jDownloader\config\database.script
21/9/2020 - 10:47:45.465Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
21/9/2020 - 10:47:45.465Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
21/9/2020 - 10:47:45.465Unknown1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.465Open1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
21/9/2020 - 10:47:45.465Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.465Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.465Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.465Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.465Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:47:45.481Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:45.481Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi\profiles
21/9/2020 - 10:47:45.481Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Psi+\profiles
21/9/2020 - 10:47:45.497Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
21/9/2020 - 10:47:45.497Open1528C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
21/9/2020 - 10:47:45.497Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
21/9/2020 - 10:47:45.497Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
21/9/2020 - 10:47:45.497Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.497Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.497Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.497Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.497Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.497Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
21/9/2020 - 10:47:45.512Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Unknown1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dllMicrosoft.VisualBasic.resources.dll
21/9/2020 - 10:47:45.512Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\malware.exe.Local
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:47:45.512Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:47:45.512Unknown1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
21/9/2020 - 10:47:45.512Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\UCBrowser
21/9/2020 - 10:47:45.512Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.528Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Edge\User Data
21/9/2020 - 10:47:45.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:45.575Open1528C:\malware.exeC:\vaultcli.dll
21/9/2020 - 10:47:45.575Open1528C:\malware.exeC:\vaultcli.dll
21/9/2020 - 10:47:45.575Open1528C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
21/9/2020 - 10:47:45.575Open1528C:\malware.exeC:\Windows\SysWOW64\vaultcli.dll
21/9/2020 - 10:47:46.356Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:46.356Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
21/9/2020 - 10:47:46.356Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Monitor\Folder.lst
21/9/2020 - 10:47:46.372Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\FTP Navigator\Ftplist.txt
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\icecat\profiles.ini
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Waterfox\profiles.ini
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
21/9/2020 - 10:47:46.372Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\FTPGetter\servers.xml
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data
21/9/2020 - 10:47:46.387Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
21/9/2020 - 10:47:46.387Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 10:47:46.450Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
21/9/2020 - 10:47:46.450Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Comodo\IceDragon\profiles.ini
21/9/2020 - 10:47:46.450Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
21/9/2020 - 10:47:46.450Open1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:46.497Open1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:46.809Open1528C:\malware.exeC:\Windows\SysWOW64\mpr.dll
21/9/2020 - 10:47:46.809Open1528C:\malware.exeC:\Windows\SysWOW64\mpr.dll
21/9/2020 - 10:47:46.809Open1528C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
21/9/2020 - 10:47:46.856Open1528C:\malware.exeC:\Windows\SysWOW64\scrrun.dll
21/9/2020 - 10:47:47.231Open1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\SysWOW64\wshom.ocx
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
21/9/2020 - 10:47:47.231Read1528C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 10:47:47.231Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\falkon\profiles\profiles.ini
21/9/2020 - 10:47:47.231Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
21/9/2020 - 10:47:47.247Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
21/9/2020 - 10:47:47.247Open1528C:\malware.exeC:\Storage
21/9/2020 - 10:47:47.247Open1528C:\malware.exeC:\mail
21/9/2020 - 10:47:47.247Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
21/9/2020 - 10:47:47.247Open1528C:\malware.exeC:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
21/9/2020 - 10:47:47.247Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
21/9/2020 - 10:47:47.293Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail
21/9/2020 - 10:47:47.293Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Claws-mail\clawsrc
21/9/2020 - 10:47:47.293Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
21/9/2020 - 10:47:47.293Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\K-Meleon\profiles.ini
21/9/2020 - 10:47:47.293Open1528C:\malware.exeC:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
21/9/2020 - 10:47:55.528Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.575Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.622Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.668Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.762Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.809Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.856Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.903Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.950Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 10:47:55.997Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:47:56.43Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:47:56.90Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:47:56.137Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 10:47:56.184Read1528C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll

Process
Trace
21/9/2020 - 10:46:51.934  Create  2088  C:\malware.exe  2924  C:\malware.exe
21/9/2020 - 10:46:52.75  Create  2088  C:\malware.exe  1528  C:\malware.exe
21/9/2020 - 10:46:52.293  Terminate  2088  C:\malware.exe  2924  C:\malware.exe
21/9/2020 - 10:47:29.559  Create  1528  C:\malware.exe  2656  C:\Windows\SysWOW64\netsh.exe
21/9/2020 - 10:47:45.450  Terminate  1528  C:\malware.exe  2656  C:\Windows\SysWOW64\netsh.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
21/9/2020 - 10:45:52.918Write2088C:\malware.exeHKCU\Software\Microsoft\GDIPlusFontCachePath
21/9/2020 - 10:47:11.778Write1528C:\malware.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Runnewapp
21/9/2020 - 10:47:42.856Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:42.856Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:42.856Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:42.856Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:42.856Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:43.137Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:43.137Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-100
21/9/2020 - 10:47:43.137Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:43.137Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:43.137Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-101
21/9/2020 - 10:47:43.137Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:43.137Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
21/9/2020 - 10:47:43.137Write2656C:\Windows\SysWOW64\netsh.exeHKCU\Local Settings\MuiCache\5\96383CDB@%SystemRoot%\system32\dhcpqec.dll,-103

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 62.50%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 91.06%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 45.46%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 90.57%
suspicious: True
