Report #11621

Binary
DLL
False
Size
430.50KB
trid
81.0% Generic CIL Executable
7.2% Win32 Dynamic Link Library
4.9% Win32 Executable
2.2% OS/2 Executable
2.2% Generic Win/DOS Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
304af7d10463a09589c56059c8c2f31c
sha1
f7ac80bd873bfb49942d3599ea4a30a1a8c6e514
crc32
0x8440f085
sha224
63e436e13a33efd0b0ed95922f0cfd21a8f5fbf24ee880b626a13c44
sha256
eec9dfb9ffe1fa518436941627c9fa844aeaa419c044ee7205760624bc72d001
sha384
616002c540d2d2bb8809515bfbc6bf5ba38bfe6cf52b2da138c909c76b2d970a5f18f144651b2fb0683fc149e8d17fe5
sha512
40f4085b13918037bac501909fc55884edf89f26aad97425c14e2c94ab4e77480a7f6dc403206eb9504c660045039cd4396c8f6fe1af6c1e7e9274a6d6d1d6f2
ssdeep
12288:HI7Jc65sOJOkefnMHNJfJPUHcSq4CkRaAQ4:HI7J5s6OBnMHNjc7CSab
Community
Google
False
HashLib
False
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, IP, NETDLLMicrosoft, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True

Strings
List
N.eC
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
PokerGame.Properties
UserInterface.dll
UserInterface.dll
UserInterface.dll
System.Security.Cryptography
PokerGame.Properties.Resources.resources
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
1.0.0.0
16.0.0.0
PokerGame.Properties.Resources
Og|e
s5W%i
get_Operation
set_Operation
It's a tie, deal with it later
'`\%e
%|ceH
3System.Resources.Tools.StronglyTypedResourceBuilder
WinnerIs
YLo%G
aefea
MulticastDelegate
System.Windows.Forms
Something went wrong with getting rank
Something went wrong getting suits
/)i%e .
yXIyEcxSIVZQPwSoW.exe
yXIyEcxSIVZQPwSoW.exe
yXIyEcxSIVZQPwSoW.exe
mscoree.dll
mscoree.dll
_register1
_register0
get_DebuggerDisplay
get_UserInterface2
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
get_ResourceManager
_registerD
_registerA
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
registeredOutput
The winner is PLAYER TWO!!
Register2Bit
UserInterface2
UserInterface2
Register16Bit
DebuggerBrowsableState
DebuggableAttribute
DebuggableAttribute
Value should be from 0 to (including) 15
DebuggingModes
DebuggingModes
The winner is PLAYER ONE!!
UserInterface
UserInterface
UserInterface
UserInterface
ResourceManager
Execute
GitDownload
GitDownload
register
isStraightFlush
isFlush
Hashtable
4{:<
8%/"
Binder
Binder
ComputeHash
RandomAccessMemory
%/i`h
GetPublicKey
Sleep
CryptoStreamMode
HashAlgorithm
CreateDecryptor
ICryptoTransform
CryptoStream
I'ae Rf
$be145829-f622-4aef-8ad9-8a953fdfacbd
$b3ac73c7-1459-4dbd-a38b-c7581cc881fd
R_OF
{DebuggerDisplay,nq}
UserInterface.Scripts
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
tableLayoutPanel1_Paint
_output1
_output0

Foremost
Matches
0.exe, 430 KB, 73.png, 350 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: UserInterface.dll, mscoree.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 2048
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 48.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 446054
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: mscoree.dll
hasLibs: True
Suspicious: userinterface.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2020-06-16 01:10:52
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches
396814
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 196

pushpopmath
.text: 188

ss register
.text: 4

garbagebytes
.text: 64

hookdetection
.text: 9

software breakpoint
.text: 9

fakeconditionaljumps
.text: 2

programcontrolflowchange
.text: 62

cpuinstructionsresultscomparison
.text: 8

AVclass
agenttesla
1
VirusTotal
md5
304af7d10463a09589c56059c8c2f31c
sha1
f7ac80bd873bfb49942d3599ea4a30a1a8c6e514
SCANS (DETECTION RATE = 77.94%)
AVG
result: Win32:MalwareX-gen [Trj]
update: 20200921
version: 18.4.3895.0
detected: True

CMC
update: 20200920
version: 2.7.2019.1
detected: False

MAX
result: malware (ai score=85)
update: 20200921
version: 2019.9.16.1
detected: True

APEX
result: Malicious
update: 20200919
version: 6.72
detected: True

Bkav
update: 20200921
version: 1.3.0.9899
detected: False

K7GW
result: Trojan ( 00568d4f1 )
update: 20200921
version: 11.141.35287
detected: True

ALYac
result: Trojan.GenericKD.43348989
update: 20200921
version: 1.1.1.5
detected: True

Avast
result: Win32:MalwareX-gen [Trj]
update: 20200921
version: 18.4.3895.0
detected: True

Avira
result: TR/AD.AgentTesla.shpqd
update: 20200921
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cynet
result: Malicious (score: 85)
update: 20200917
version: 4.0.0.24
detected: True

Cyren
result: W32/MSIL_Agent.BKG.gen!Eldorado
update: 20200921
version: 6.3.0.2
detected: True

DrWeb
result: Trojan.Siggen9.54392
update: 20200921
version: 7.0.49.9080
detected: True

GData
result: Win32.Trojan-Stealer.AgentTesla.K1BIAI
update: 20200921
version: A:25.27092B:27.20245
detected: True

Panda
result: Trj/WLT.F
update: 20200920
version: 4.6.4.2
detected: True

VBA32
result: TScope.Trojan.MSIL
update: 20200918
version: 4.4.1
detected: True

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200921
version: 86852
detected: True

Zoner
update: 20200920
version: 0.0.0.0
detected: False

Comodo
update: 20200921
version: 32830
detected: False

Ikarus
result: Trojan-Spy.LokiBot
update: 20200921
version: 0.1.5.2
detected: True

McAfee
result: Fareit-FUV!304AF7D10463
update: 20200920
version: 6.0.6.653
detected: True

Rising
result: Spyware.Noon!8.E7C9 (KTSE)
update: 20200921
version: 25.0.0.26
detected: True

Sophos
result: Troj/Keylog-AKG
update: 20200921
version: 4.98.0
detected: True

Yandex
result: Trojan.Igent.bTVnLW.15
update: 20200911
version: 5.5.2.24
detected: True

Zillya
update: 20200919
version: 2.0.0.4178
detected: False

Acronis
update: 20200917
version: 1.1.1.78
detected: False

Alibaba
result: TrojanSpy:MSIL/AgentTesla.afb6b5a0
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Trojan.Generic.D29573FD
update: 20200921
version: 1.0.0.881
detected: True

Cylance
result: Unsafe
update: 20200921
version: 2.3.1.101
detected: True

Elastic
result: malicious (high confidence)
update: 20200917
version: 4.0.9
detected: True

FireEye
result: Generic.mg.304af7d10463a095
update: 20200921
version: 32.36.1.0
detected: True

Sangfor
result: Malware
update: 20200814
version: 1.0
detected: True

TACHYON
update: 20200921
version: 2020-09-21.02
detected: False

Tencent
result: Win32.Trojan.Inject.Auto
update: 20200921
version: 1.0.0.1
detected: True

ViRobot
update: 20200921
version: 2014.3.20.0
detected: False

Webroot
update: 20200921
version: 1.0.0.403
detected: False

eGambit
update: 20200921
detected: False

Ad-Aware
result: Trojan.GenericKD.43348989
update: 20200921
version: 3.0.16.117
detected: True

AegisLab
result: Trojan.Win32.Generic.4!c
update: 20200921
version: 4.2
detected: True

F-Secure
result: Trojan.TR/AD.AgentTesla.shpqd
update: 20200921
version: 12.0.86.52
detected: True

Fortinet
result: MSIL/Autorun.F31C!tr
update: 20200921
version: 6.2.142.0
detected: True

Invincea
result: Mal/Generic-R + Troj/Keylog-AKG
update: 20200921
version: 1.0.1.0
detected: True

Jiangmin
result: TrojanSpy.MSIL.aspo
update: 20200921
version: 16.0.100
detected: True

Kingsoft
update: 20200921
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20200921
version: 1.0
detected: True

Symantec
result: ML.Attribute.HighConfidence
update: 20200920
version: 1.12.0.0
detected: True

AhnLab-V3
result: Trojan/Win32.Sonbokli.R340714
update: 20200921
version: 3.18.1.10026
detected: True

Antiy-AVL
result: Trojan[Spy]/MSIL.Agent
update: 20200921
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan-Spy.MSIL.Noon.gen
update: 20200921
version: 15.0.1.13
detected: True

MaxSecure
result: Trojan.Malware.300983.susgen
update: 20200919
version: 1.0.0.1
detected: True

Microsoft
result: Trojan:MSIL/AgentTesla.YB!MTB
update: 20200921
version: 1.1.17400.5
detected: True

Qihoo-360
result: Generic/Trojan.Spy.beb
update: 20200921
version: 1.0.0.1120
detected: True

ZoneAlarm
result: HEUR:Trojan-Spy.MSIL.Noon.gen
update: 20200921
version: 1.0
detected: True

Cybereason
result: malicious.d873bf
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: MSIL/Autorun.Spy.Agent.DF
update: 20200921
version: 22024
detected: True

TrendMicro
result: TrojanSpy.MSIL.NEGASTEAL.DYSGXM
update: 20200921
version: 11.0.0.1006
detected: True

BitDefender
result: Trojan.GenericKD.43348989
update: 20200921
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_90% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 00568d4f1 )
update: 20200921
version: 11.141.35287
detected: True

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False

Malwarebytes
result: Spyware.AgentTesla
update: 20200921
version: 3.6.4.335
detected: True

TotalDefense
update: 20200921
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: TrojanSpy.MSIL
update: 20200921
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Kryptik.hlezsf
update: 20200921
version: 1.0.134.25140
detected: True

BitDefenderTheta
result: Gen:NN.ZemsilF.34254.Am0@aaqjQJc
update: 20200918
version: 7.2.37796.0
detected: True

MicroWorld-eScan
result: Trojan.GenericKD.43348989
update: 20200921
version: 14.0.409.0
detected: True

SUPERAntiSpyware
update: 20200918
version: 5.6.0.1032
detected: False

TrendMicro-HouseCall
result: TrojanSpy.MSIL.NEGASTEAL.DYSGXM
update: 20200921
version: 10.0.0.1040
detected: True

total
68
sha256
eec9dfb9ffe1fa518436941627c9fa844aeaa419c044ee7205760624bc72d001
scan_id
eec9dfb9ffe1fa518436941627c9fa844aeaa419c044ee7205760624bc72d001-1600677569
resource
304af7d10463a09589c56059c8c2f31c
positives
53
scan_date
2020-09-21 08:39:29
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 15:45:45.278Unknown2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:45:45.278Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:45:45.278Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\VERSION.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\SysWOW64\version.dll
21/9/2020 - 15:45:45.278Open2476C:\malware.exeC:\Windows\SysWOW64\version.dll
21/9/2020 - 15:45:45.293Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:45:45.293Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.293Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:45:45.293Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Open2476C:\malware.exeC:\Windows\Globalization\pt-br.nlp
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Unknown2476C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
21/9/2020 - 15:45:45.293Open2476C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
21/9/2020 - 15:45:45.293Open2476C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.356Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.403Open2476C:\malware.exeC:\malware.config
21/9/2020 - 15:45:45.403Open2476C:\malware.exeC:\pt-BR\yXIyEcxSIVZQPwSoW.resources.dll
21/9/2020 - 15:45:45.403Open2476C:\malware.exeC:\pt-BR\yXIyEcxSIVZQPwSoW.resources\yXIyEcxSIVZQPwSoW.resources.dll
21/9/2020 - 15:45:45.403Open2476C:\malware.exeC:\pt-BR\yXIyEcxSIVZQPwSoW.resources.exe
21/9/2020 - 15:45:45.403Open2476C:\malware.exeC:\pt-BR\yXIyEcxSIVZQPwSoW.resources\yXIyEcxSIVZQPwSoW.resources.exe
21/9/2020 - 15:45:45.450Open2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
21/9/2020 - 15:45:45.450Open2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
21/9/2020 - 15:45:45.637Open2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
21/9/2020 - 15:45:45.637Open2476C:\malware.exeC:\malware.exe.Local
21/9/2020 - 15:45:45.637Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 15:45:45.637Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 15:45:45.637Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 15:45:45.637Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 15:45:45.637Unknown2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
21/9/2020 - 15:45:45.637Open2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
21/9/2020 - 15:45:45.637Open2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
21/9/2020 - 15:45:45.653Open2476C:\malware.exeC:\Windows\Globalization\pt.nlp
21/9/2020 - 15:45:45.653Open2476C:\malware.exeC:\pt\yXIyEcxSIVZQPwSoW.resources.dll
21/9/2020 - 15:45:45.653Open2476C:\malware.exeC:\pt\yXIyEcxSIVZQPwSoW.resources\yXIyEcxSIVZQPwSoW.resources.dll
21/9/2020 - 15:45:45.653Open2476C:\malware.exeC:\pt\yXIyEcxSIVZQPwSoW.resources.exe
21/9/2020 - 15:45:45.653Open2476C:\malware.exeC:\pt\yXIyEcxSIVZQPwSoW.resources\yXIyEcxSIVZQPwSoW.resources.exe
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.653Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.684Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.684Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.731Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:45.778Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.825Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.872Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.918Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:45.965Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.12Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.106Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.153Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.200Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:45:46.247Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.293Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.340Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.387Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.434Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:45:46.481Open2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
21/9/2020 - 15:45:46.622Unknown2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.622Open2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
21/9/2020 - 15:45:46.622Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.668Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.715Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.762Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.809Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.856Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.903Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.950Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:46.997Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.43Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.90Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.137Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.184Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.231Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.278Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.325Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.372Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.418Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.465Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:45:47.512Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:31.12Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:31.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:31.106Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:31.153Open2476C:\malware.exeC:\Windows\Globalization\en-us.nlp
21/9/2020 - 15:46:31.153Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:31.200Open2476C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 15:46:31.200Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 15:46:31.293Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 15:46:31.293Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
21/9/2020 - 15:46:31.387Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.387Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
21/9/2020 - 15:46:31.387Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.434Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.481Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.528Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.575Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.622Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 15:46:31.622Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
21/9/2020 - 15:46:31.622Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
21/9/2020 - 15:46:31.622Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
21/9/2020 - 15:46:31.622Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.622Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
21/9/2020 - 15:46:31.622Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.622Unknown2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:31.622Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
21/9/2020 - 15:46:51.747Open2476C:\malware.exeC:\shfolder.dll
21/9/2020 - 15:46:51.747Open2476C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
21/9/2020 - 15:46:51.747Open2476C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
21/9/2020 - 15:46:51.981Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exe
21/9/2020 - 15:46:51.981Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.28Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.122Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.168Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.215Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.262Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.309Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.356Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.403Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.450Open2476C:\malware.exeC:\ntmarta.dll
21/9/2020 - 15:46:52.450Open2476C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
21/9/2020 - 15:46:52.450Open2476C:\malware.exeC:\Windows\SysWOW64\ntmarta.dll
21/9/2020 - 15:46:52.450Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exe
21/9/2020 - 15:46:52.450Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exe
21/9/2020 - 15:46:52.450Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.497Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.543Read2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:46:52.590Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.637Open2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Unknown2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Open2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Read2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Write2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Write2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Read2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Read2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Write2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Write2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Read2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Read2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Write2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Write2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Read2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Read2476C:\malware.exeC:\malware.exe
21/9/2020 - 15:46:52.637Write2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.637Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.684Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exe
21/9/2020 - 15:46:52.684Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.684Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:52.684Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.731Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.778Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.872Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:52.918Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:53.12Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:53.59Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exe
21/9/2020 - 15:46:53.59Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/9/2020 - 15:46:53.59Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming
21/9/2020 - 15:46:53.59Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\gNWlSHDhDw.exegNWlSHDhDw.exe
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
21/9/2020 - 15:46:53.75Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
21/9/2020 - 15:46:53.75Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp1361.tmp
21/9/2020 - 15:46:53.75Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp1361.tmp
21/9/2020 - 15:46:53.75Write2476C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp1361.tmp
21/9/2020 - 15:46:53.75Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp1361.tmp
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.75Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.122Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.168Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.215Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Monitor
21/9/2020 - 15:46:53.262Unknown2476C:\malware.exeC:\Monitor
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\PROPSYS.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\shell32.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\malware.exe.Local
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 15:46:53.262Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\WindowsShell.Manifest
21/9/2020 - 15:46:53.262Unknown2476C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\apphelp.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.262Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\
21/9/2020 - 15:46:53.262Unknown2476C:\malware.exeC:\
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.262Unknown2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.262Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.262Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.262Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Read2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Unknown2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
21/9/2020 - 15:46:53.278Unknown2476C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
21/9/2020 - 15:46:53.278Unknown2476C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\malware.exe.Local
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 15:46:53.278Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 15:46:53.278Open2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 15:46:53.340Open2476C:\malware.exeC:\Monitor\schtasks.exe
21/9/2020 - 15:46:53.340Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.403Open2476C:\malware.exeC:\
21/9/2020 - 15:46:53.403Unknown2476C:\malware.exeC:\
21/9/2020 - 15:46:53.403Open2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.403Unknown2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.403Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.403Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
21/9/2020 - 15:46:53.450Read2476C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Windows\System32\propsys.dll
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Windows\SysWOW64\propsys.dll
21/9/2020 - 15:46:53.450Open2476C:\malware.exeC:\Windows\System32\propsys.dll
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Secur32.dll
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\secur32.dll
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\secur32.dll
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/9/2020 - 15:46:53.543Unknown2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\
21/9/2020 - 15:46:53.543Unknown2476C:\malware.exeC:\
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.543Unknown2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.543Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.543Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.543Unknown2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Monitor
21/9/2020 - 15:46:53.543Unknown2476C:\malware.exeC:\Monitor
21/9/2020 - 15:46:53.543Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.731Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\
21/9/2020 - 15:46:53.731Unknown2476C:\malware.exeC:\
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.731Unknown2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.731Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.731Unknown2476C:\malware.exeC:\Windows\SysWOW64
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.731Read2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.731Read2476C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.731Open2476C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
21/9/2020 - 15:46:53.731Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows
21/9/2020 - 15:46:53.778Unknown2156C:\Windows\SysWOW64\schtasks.exeC:\Windows
21/9/2020 - 15:46:53.778Open2156C:\Windows\SysWOW64\schtasks.exeC:\Monitor
21/9/2020 - 15:46:53.778Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.840Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.887Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.934Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:53.981Read2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 15:46:53.981Open2156C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 15:46:55.981Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
21/9/2020 - 15:46:55.981Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
21/9/2020 - 15:46:55.981Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
21/9/2020 - 15:46:55.981Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
21/9/2020 - 15:46:55.981Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\bcrypt.dll
21/9/2020 - 15:46:55.981Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\bcrypt.dll
21/9/2020 - 15:46:55.981Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\bcrypt.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.981Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.997Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.997Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\dwmapi.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\dwmapi.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\dwmapi.dll
21/9/2020 - 15:46:55.997Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:55.997Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:46:55.997Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:46:55.997Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\version.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\version.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
21/9/2020 - 15:46:55.997Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:56.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.59Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:56.59Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:56.106Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.106Read2476C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.106Open2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2476.1116156
21/9/2020 - 15:46:56.106Open2476C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2476.1116156
21/9/2020 - 15:46:56.106Open2476C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2476.1116281
21/9/2020 - 15:46:56.106Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.153Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.153Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.200Unknown2476C:\malware.exeC:\Windows
21/9/2020 - 15:46:56.200Unknown2476C:\malware.exeC:\Monitor
21/9/2020 - 15:46:56.200Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 15:46:56.200Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
21/9/2020 - 15:46:56.200Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
21/9/2020 - 15:46:56.200Unknown2476C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
21/9/2020 - 15:46:56.200Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.247Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.293Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.340Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:56.434Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:56.481Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:46:56.528Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.575Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:46:56.668Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
21/9/2020 - 15:46:56.668Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:56.762Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\RpcRtRemote.dll
21/9/2020 - 15:46:56.762Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 15:46:56.762Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 15:46:56.762Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dll
21/9/2020 - 15:46:56.762Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbemcomn.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbemcomn.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\Logs
21/9/2020 - 15:46:56.809Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\Logs
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\advapi32.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\advapi32.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
21/9/2020 - 15:46:56.809Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
21/9/2020 - 15:46:56.825Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
21/9/2020 - 15:46:56.825Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
21/9/2020 - 15:46:57.12Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
21/9/2020 - 15:46:57.12Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
21/9/2020 - 15:46:57.481Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\fastprox.dll
21/9/2020 - 15:46:57.481Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\fastprox.dll
21/9/2020 - 15:46:57.481Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
21/9/2020 - 15:46:57.481Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\ntdsapi.dll
21/9/2020 - 15:46:57.481Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\ntdsapi.dll
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
21/9/2020 - 15:46:57.903Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\SXS.DLL
21/9/2020 - 15:46:57.903Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sxs.dll
21/9/2020 - 15:46:57.903Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\sxs.dll
21/9/2020 - 15:46:57.903Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.903Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\SysWOW64\wbem\wbemdisp.tlb
21/9/2020 - 15:46:57.918Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
21/9/2020 - 15:46:58.387Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:46:58.387Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
21/9/2020 - 15:46:58.387Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
21/9/2020 - 15:46:58.387Unknown2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 15:46:58.387Open2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
21/9/2020 - 15:46:58.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 15:46:58.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 15:46:58.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 15:46:58.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 15:46:58.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 15:46:58.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 15:46:58.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllCustomMarshalers.dll
21/9/2020 - 15:47:41.778Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:41.825Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:41.872Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:41.918Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:41.965Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.12Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.59Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.106Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.153Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.247Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.293Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.340Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.387Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.434Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:47:42.481Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:47:42.528Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:47:42.575Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:47:42.622Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:47:42.668Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
21/9/2020 - 15:47:42.715Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
21/9/2020 - 15:47:42.715Read2168C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll

Process
Trace
21/9/2020 - 15:46:53.731 | Create | 2476 | C:\malware.exe | 2156 | C:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:55.372 | Terminate | 2476 | C:\malware.exe | 2156 | C:\Windows\SysWOW64\schtasks.exe
21/9/2020 - 15:46:55.715 | Create | 2476 | C:\malware.exe | 2168 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
21/9/2020 - 15:46:53.543 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
21/9/2020 - 15:46:53.543 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
21/9/2020 - 15:46:53.543 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
21/9/2020 - 15:46:53.543 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
21/9/2020 - 15:46:53.543 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
21/9/2020 - 15:46:53.543 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
21/9/2020 - 15:46:53.543 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
21/9/2020 - 15:46:53.543 | Write | 2476 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True

DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 65.62%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.19%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 66.90%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.48%
suspicious: True
