Report #12276

Binary
DLL
False cancel
Size
1.01MB
trid
62.0% Generic CIL Executable
23.4% Win64 Executable
5.5% Win32 Dynamic Link Library
3.8% Win32 Executable
1.7% OS/2 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
cf916f94027017f1229037f12c243b89
sha1
87431b09e70feed0ec86c2fd2969bcaef0535132
crc32
0x970ebdf1
sha224
ff4c613c0d886c6aded0a7c4368a3eada5d0de00668a715c95315d19
sha256
5291859c0713247d1812f2e46b02737206f0f0930041644d566fc731e59831d2
sha384
8524a9b09a5a0b14e14f2004f1bca4114f670b38bc4a7ee94fbc59c151c5aa4b82d71864c5d8d26e2d21a423fce1cc4f
sha512
bd9493155a7e60e24df84a73cf8b22aa2a4057381d236f8180dfa7ed6bd075bf2c22cc1a8e86bcc55cd09fe3826e7d4d964ea118d7187b2acf00cf927870b364
ssdeep
12288:09bbbbbbbbbbbbbpMD8u3CQ8AoFs5mVUuuGJciZ49OaO/vR1L/HunqjRIZ5yzlQo:Yc8HF9Vdtdu9OxPHuYIZ5nlzLrH
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
NET_executable, contentis_base64, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, url, IP, IsNET_EXE, NETexecutableMicrosoft, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, IsPacked, NET_executable_, domain, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI

Suspicious
True check_circle

Strings
List
http://imtuoradea.ro/auo.fmte/files-2007/MECATRONICA_files/Anamaria_Dascalescu_1.pdf
An hypocycloid gear profile generator. http://www.esmats.eu/esmatspapers/pastpapers/pdfs/2013/seweryn.pdf
http://gears.ru/transmis/zaprogramata/2.139.pdf
A Trochoid curve generator. https://en.wikipedia.org/wiki/Trochoid
http://www.kellbot.com/sdxf-python-library-for-dxf/
Homepage http://www.zincland.com/hypocycloid
http://www.cnczone.com/forums/showthread.php?t=72261
An hypocycloid curve generator. https://en.wikipedia.org/wiki/Hypocycloid
C:\Users\Vendetta\source\repos\RoboSki\RoboSki\obj\Debug\Screenshots.pdb
D.Pe
System.IO
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
CycloidGenerator.Properties
O.mo
b.pl
Screenshots.dll
1.0.4.0
f.oint
r.soia
1.0.0.0
16.0.0.0
16.1.0.0
4.0.4.0
Wr"9D6Ni
Hypocycloid gear (waw.pl) BUGGY
*.<-
(\VMFoU
,Neb
I:TB
\AoG
OLI:H
yds?a
CycloidGenerator.Properties.Resources.resources
Export as DXF...
FGWy:wI
ht%E(
Credit to:
CycloidGenerator.Properties.Resources
DxfDocument
*%%\)
s%%*e
O%a#c
n*E%p
%sI{>
%GHi6
System.Windows.Forms.Layout
3System.Resources.Tools.StronglyTypedResourceBuilder
mfDe
AfD
Delegate
Tooth pitch
l%ehk
System.Windows.Forms
DE3 %E
UuwsCUmKhlFdbkSrDj.exe
mscoree.dll
add_DragEnter
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
get_Screenshots2
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
get_ResourceManager
fSystem.Drawing.Icon, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ae
mMonitorDpis
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
6.BE,
pageSetupDialog1
pageSetupDialog2
pageSetupDialog4
pageSetupDialog5
pageSetupDialog6
pageSetupDialog7
pageSetupDialog3

Foremost
Matches
0.exe, 1 MB, 381.png, 634 KB, 1705.png, 20 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: http://www.cnczone.com/forums/showthread.php?t=72261, https://en.wikipedia.org/wiki/hypocycloid, http://imtuoradea.ro/auo.fmte/files-2007/mecatronica_files/anamaria_dascalescu_1.pdf, http://www.kellbot.com/sdxf-python-library-for-dxf/, http://gears.ru/transmis/zaprogramata/2.139.pdf, http://www.zincland.com/hypocycloid, https://en.wikipedia.org/wiki/trochoid, http://www.esmats.eu/esmatspapers/pastpapers/pdfs/2013/seweryn.pdf
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: An hypocycloid gear profile generator. http://www.esmats.eu/esmatspapers/pastpapers/pdfs/2013/seweryn.pdf, http://imtuoradea.ro/auo.fmte/files-2007/MECATRONICA_files/Anamaria_Dascalescu_1.pdf, http://gears.ru/transmis/zaprogramata/2.139.pdf, Screenshots.dll, mscoree.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 185856
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 48.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 879902
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: mscoree.dll
hasLibs: True check_circle
Suspicious: screenshots.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-03-03 18:45:46
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True check_circle
Fuzzing: True check_circle

PEDetector
Matches
189289
Suspicious
True check_circle
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 18
.text: 361

pushpopmath
.rsrc: 11
.text: 273

ss register
.text: 5

garbagebytes
.rsrc: 8
.text: 105

hookdetection
.rsrc: 1
.text: 10

software breakpoint
.rsrc: 2
.text: 14

fakeconditionaljumps
.text: 9

programcontrolflowchange
.rsrc: 8
.text: 96

cpuinstructionsresultscomparison
.rsrc: 1
.text: 20

AVclass
nanobot
1
VirusTotal
md5
cf916f94027017f1229037f12c243b89
sha1
87431b09e70feed0ec86c2fd2969bcaef0535132
SCANS (DETECTION RATE = 80.88%)
AVG
result: Win32:VB-AJBX [Trj]
update: 20200918
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200918
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=83)
update: 20200918
version: 2019.9.16.1
detected: True check_circle

APEX
update: 20200916
version: 6.71
detected: False cancel

Bkav
update: 20200918
version: 1.3.0.9899
detected: False cancel

K7GW
result: Trojan ( 00561ab91 )
update: 20200918
version: 11.141.35278
detected: True check_circle

ALYac
result: Trojan.Agent.HawkEye
update: 20200918
version: 1.1.1.5
detected: True check_circle

Avast
result: Win32:VB-AJBX [Trj]
update: 20200918
version: 18.4.3895.0
detected: True check_circle

Avira
result: TR/Kryptik.zctou
update: 20200918
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
result: Malicious (score: 85)
update: 20200917
version: 4.0.0.24
detected: True check_circle

Cyren
result: W32/Agensla.A.gen!Eldorado
update: 20200918
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.PWS.Stealer.28161
update: 20200918
version: 7.0.49.9080
detected: True check_circle

GData
result: Trojan.MSIL.Basic.2.Gen
update: 20200918
version: A:25.27063B:27.20219
detected: True check_circle

Panda
result: Trj/GdSda.A
update: 20200918
version: 4.6.4.2
detected: True check_circle

VBA32
result: TScope.Trojan.MSIL
update: 20200918
version: 4.4.1
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20200918
version: 86792
detected: True check_circle

Zoner
update: 20200918
version: 0.0.0.0
detected: False cancel

Comodo
result: Malware@#1ejge0ynvli5k
update: 20200918
version: 32823
detected: True check_circle

Ikarus
result: Trojan-Spy.Keylogger.AgentTesla
update: 20200918
version: 0.1.5.2
detected: True check_circle

McAfee
result: Fareit-FVR!CF916F940270
update: 20200918
version: 6.0.6.653
detected: True check_circle

Rising
update: 20200918
version: 25.0.0.26
detected: False cancel

Sophos
result: Mal/Kryptik-DL
update: 20200918
version: 4.98.0
detected: True check_circle

Yandex
result: Trojan.Igent.bTjJlJ.55
update: 20200911
version: 5.5.2.24
detected: True check_circle

Zillya
result: Trojan.Kryptik.Win32.1962138
update: 20200917
version: 2.0.0.4177
detected: True check_circle

Acronis
update: 20200917
version: 1.1.1.78
detected: False cancel

Alibaba
result: Trojan:Win32/starter.ali1000139
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.MSIL.Basic.2.Gen
update: 20200918
version: 1.0.0.881
detected: True check_circle

Cylance
result: Unsafe
update: 20200918
version: 2.3.1.101
detected: True check_circle

Elastic
result: malicious (high confidence)
update: 20200917
version: 4.0.9
detected: True check_circle

FireEye
result: Generic.mg.cf916f94027017f1
update: 20200918
version: 32.36.1.0
detected: True check_circle

Sangfor
result: Malware
update: 20200814
version: 1.0
detected: True check_circle

TACHYON
update: 20200918
version: 2020-09-18.02
detected: False cancel

Tencent
result: Msil.Backdoor.Nanobot.Tclt
update: 20200918
version: 1.0.0.1
detected: True check_circle

ViRobot
result: Trojan.Win32.S.Infostealer.1058304
update: 20200918
version: 2014.3.20.0
detected: True check_circle

Webroot
result: W32.Trojan.Gen
update: 20200918
version: 1.0.0.403
detected: True check_circle

eGambit
update: 20200918
detected: False cancel

Ad-Aware
result: Trojan.MSIL.Basic.2.Gen
update: 20200918
version: 3.0.16.117
detected: True check_circle

AegisLab
result: Trojan.Multi.Generic.4!c
update: 20200918
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan-Ransom.Phobos (A)
update: 20200918
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/Kryptik.zctou
update: 20200918
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/Kryptik.EFKZ!tr
update: 20200918
version: 6.2.142.0
detected: True check_circle

Invincea
result: Mal/Generic-S + Troj/Steal-HT
update: 20200918
version: 1.0.1.0
detected: True check_circle

Jiangmin
result: Trojan.MSIL.lpvd
update: 20200918
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20200918
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20200918
version: 1.0
detected: True check_circle

Symantec
result: ML.Attribute.HighConfidence
update: 20200918
version: 1.12.0.0
detected: True check_circle

AhnLab-V3
result: Trojan/Win32.Inject.R327708
update: 20200918
version: 3.18.1.10026
detected: True check_circle

Antiy-AVL
update: 20200918
version: 3.0.0.1
detected: False cancel

Kaspersky
result: HEUR:Backdoor.MSIL.NanoBot.gen
update: 20200918
version: 15.0.1.13
detected: True check_circle

MaxSecure
result: Trojan.Malware.73691366.susgen
update: 20200918
version: 1.0.0.1
detected: True check_circle

Microsoft
result: HackTool:Win32/Mailpassview
update: 20200918
version: 1.1.17400.5
detected: True check_circle

Qihoo-360
result: Generic/Backdoor.BO.5c9
update: 20200918
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Backdoor.MSIL.NanoBot.gen
update: 20200918
version: 1.0
detected: True check_circle

Cybereason
result: malicious.402701
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Kryptik.UXD
update: 20200918
version: 22013
detected: True check_circle

TrendMicro
result: TrojanSpy.Win32.FAREIT.THCOFBO
update: 20200918
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Trojan.MSIL.Basic.2.Gen
update: 20200918
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True check_circle

K7AntiVirus
result: Trojan ( 00561ab91 )
update: 20200918
version: 11.141.35278
detected: True check_circle

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False cancel

Malwarebytes
result: Trojan.MalPack.VND
update: 20200918
version: 3.6.4.335
detected: True check_circle

CAT-QuickHeal
result: Trojan.YakbeexMSIL.ZZ4
update: 20200918
version: 14.00
detected: True check_circle

NANO-Antivirus
result: Trojan.Win32.NanoBot.heankd
update: 20200918
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: Gen:NN.ZemsilF.34254.an0@aGUdy5d
update: 20200918
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Trojan.MSIL.Basic.2.Gen
update: 20200918
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200918
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
result: TrojanSpy.Win32.FAREIT.THCOFBO
update: 20200918
version: 10.0.0.1040
detected: True check_circle

total
68
sha256
5291859c0713247d1812f2e46b02737206f0f0930041644d566fc731e59831d2
scan_id
5291859c0713247d1812f2e46b02737206f0f0930041644d566fc731e59831d2-1600470556
resource
cf916f94027017f1229037f12c243b89
positives
55
scan_date
2020-09-18 23:09:16
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
18/1/2021 - 12:45:45.965Read2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:45:45.965Read2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:45:45.965Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
18/1/2021 - 12:45:45.981Unknown2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:45.981Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
18/1/2021 - 12:45:45.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:45.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:45.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:45.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:45.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:45.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:45.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:45.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.28Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.75Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.122Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.262Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.403Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.497Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.543Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.684Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:46.731Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
18/1/2021 - 12:45:46.872Unknown2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:46.872Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
18/1/2021 - 12:45:46.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:46.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:46.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:47.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:47.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:47.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:47.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:47.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:47.247Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:47.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:47.340Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.481Unknown2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.481Open2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.481Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.528Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.575Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.668Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.715Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.762Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.809Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:47.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.247Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.387Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.434Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.481Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.528Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.575Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.668Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.715Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.762Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.809Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.856Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.903Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.950Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:48.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:49.43Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:49.90Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:45:49.325Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:45:49.325Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:49.887Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:49.934Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:49.981Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:45:50.75Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:45:50.75Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:50.122Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:50.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:50.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:50.262Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:50.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:50.356Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:45:50.450Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:45:50.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:50.497Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:50.543Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:50.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:50.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:50.684Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:50.731Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:50.778Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:50.825Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:50.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:50.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:50.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:51.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.387Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.434Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:51.481Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:51.528Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:51.575Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:51.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.668Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:51.715Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:51.762Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:51.809Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.856Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:51.903Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:51.950Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:51.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.43Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.90Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.137Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.184Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.278Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.325Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
18/1/2021 - 12:45:52.372Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
18/1/2021 - 12:45:52.418Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
18/1/2021 - 12:45:52.465Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
18/1/2021 - 12:45:52.512Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
18/1/2021 - 12:45:52.559Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
18/1/2021 - 12:45:52.606Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.606Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:45:52.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:17.278Open2088C:\malware.exeC:\Windows\Fonts\phagspab.ttf
18/1/2021 - 12:46:17.278Open2088C:\malware.exeC:\Windows\Fonts\plantc.ttf
18/1/2021 - 12:46:17.278Open2088C:\malware.exeC:\Windows\Fonts\plantc.ttf
18/1/2021 - 12:46:17.278Open2088C:\malware.exeC:\Windows\Fonts\plantc.ttf
18/1/2021 - 12:46:17.372Open2088C:\malware.exeC:\Windows\Fonts\plantc.ttf
18/1/2021 - 12:46:17.372Open2088C:\malware.exeC:\Windows\Fonts\raavi.ttf
18/1/2021 - 12:46:17.372Open2088C:\malware.exeC:\Windows\Fonts\raavi.ttf
18/1/2021 - 12:46:17.372Open2088C:\malware.exeC:\Windows\Fonts\raavi.ttf
18/1/2021 - 12:46:17.465Open2088C:\malware.exeC:\Windows\Fonts\raavi.ttf
18/1/2021 - 12:46:17.465Open2088C:\malware.exeC:\Windows\Fonts\raavib.ttf
18/1/2021 - 12:46:17.465Open2088C:\malware.exeC:\Windows\Fonts\raavib.ttf
18/1/2021 - 12:46:17.465Open2088C:\malware.exeC:\Windows\Fonts\raavib.ttf
18/1/2021 - 12:46:17.559Open2088C:\malware.exeC:\Windows\Fonts\raavib.ttf
18/1/2021 - 12:46:17.559Open2088C:\malware.exeC:\Windows\Fonts\segoesc.ttf
18/1/2021 - 12:46:17.559Open2088C:\malware.exeC:\Windows\Fonts\segoesc.ttf
18/1/2021 - 12:46:17.559Open2088C:\malware.exeC:\Windows\Fonts\segoesc.ttf
18/1/2021 - 12:46:17.700Open2088C:\malware.exeC:\Windows\Fonts\segoesc.ttf
18/1/2021 - 12:46:17.840Open2088C:\malware.exeC:\Windows\Fonts\segoescb.ttf
18/1/2021 - 12:46:17.840Open2088C:\malware.exeC:\Windows\Fonts\segoescb.ttf
18/1/2021 - 12:46:17.840Open2088C:\malware.exeC:\Windows\Fonts\segoescb.ttf
18/1/2021 - 12:46:17.981Open2088C:\malware.exeC:\Windows\Fonts\segoescb.ttf
18/1/2021 - 12:46:18.122Open2088C:\malware.exeC:\Windows\Fonts\segoeui.ttf
18/1/2021 - 12:46:18.122Open2088C:\malware.exeC:\Windows\Fonts\segoeui.ttf
18/1/2021 - 12:46:18.122Open2088C:\malware.exeC:\Windows\Fonts\segoeui.ttf
18/1/2021 - 12:46:18.122Open2088C:\malware.exeC:\Windows\Fonts\segoeui.ttf
18/1/2021 - 12:46:18.122Open2088C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
18/1/2021 - 12:46:18.122Open2088C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
18/1/2021 - 12:46:18.122Open2088C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
18/1/2021 - 12:46:18.168Open2088C:\malware.exeC:\Windows\Fonts\segoeuib.ttf
18/1/2021 - 12:46:18.168Open2088C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
18/1/2021 - 12:46:18.168Open2088C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
18/1/2021 - 12:46:18.168Open2088C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
18/1/2021 - 12:46:18.215Open2088C:\malware.exeC:\Windows\Fonts\segoeuii.ttf
18/1/2021 - 12:46:18.215Open2088C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
18/1/2021 - 12:46:18.215Open2088C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
18/1/2021 - 12:46:18.215Open2088C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
18/1/2021 - 12:46:18.356Open2088C:\malware.exeC:\Windows\Fonts\segoeuiz.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\seguisb.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\seguisb.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\seguisb.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\seguisb.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\segoeuil.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\seguisym.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\seguisym.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\seguisym.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\seguisym.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\shruti.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\shruti.ttf
18/1/2021 - 12:46:18.450Open2088C:\malware.exeC:\Windows\Fonts\shruti.ttf
18/1/2021 - 12:46:18.590Open2088C:\malware.exeC:\Windows\Fonts\shruti.ttf
18/1/2021 - 12:46:18.637Open2088C:\malware.exeC:\Windows\Fonts\shrutib.ttf
18/1/2021 - 12:46:18.637Open2088C:\malware.exeC:\Windows\Fonts\shrutib.ttf
18/1/2021 - 12:46:18.637Open2088C:\malware.exeC:\Windows\Fonts\shrutib.ttf
18/1/2021 - 12:46:18.778Open2088C:\malware.exeC:\Windows\Fonts\shrutib.ttf
18/1/2021 - 12:46:18.872Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
18/1/2021 - 12:46:18.872Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
18/1/2021 - 12:46:18.872Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
18/1/2021 - 12:46:18.965Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
18/1/2021 - 12:46:19.59Open2088C:\malware.exeC:\Windows\Fonts\simsun.ttc
18/1/2021 - 12:46:19.59Open2088C:\malware.exeC:\Windows\Fonts\simsunb.ttf
18/1/2021 - 12:46:19.59Open2088C:\malware.exeC:\Windows\Fonts\simsunb.ttf
18/1/2021 - 12:46:19.59Open2088C:\malware.exeC:\Windows\Fonts\simsunb.ttf
18/1/2021 - 12:46:19.387Open2088C:\malware.exeC:\Windows\Fonts\simsunb.ttf
18/1/2021 - 12:46:19.575Open2088C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
18/1/2021 - 12:46:19.575Open2088C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
18/1/2021 - 12:46:19.575Open2088C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
18/1/2021 - 12:46:19.668Open2088C:\malware.exeC:\Windows\Fonts\sylfaen.ttf
18/1/2021 - 12:46:19.668Open2088C:\malware.exeC:\Windows\Fonts\taile.ttf
18/1/2021 - 12:46:19.668Open2088C:\malware.exeC:\Windows\Fonts\taile.ttf
18/1/2021 - 12:46:19.668Open2088C:\malware.exeC:\Windows\Fonts\taile.ttf
18/1/2021 - 12:46:19.762Open2088C:\malware.exeC:\Windows\Fonts\taile.ttf
18/1/2021 - 12:46:19.762Open2088C:\malware.exeC:\Windows\Fonts\taileb.ttf
18/1/2021 - 12:46:19.762Open2088C:\malware.exeC:\Windows\Fonts\taileb.ttf
18/1/2021 - 12:46:19.762Open2088C:\malware.exeC:\Windows\Fonts\taileb.ttf
18/1/2021 - 12:46:19.856Open2088C:\malware.exeC:\Windows\Fonts\taileb.ttf
18/1/2021 - 12:46:19.856Open2088C:\malware.exeC:\Windows\Fonts\times.ttf
18/1/2021 - 12:46:19.856Open2088C:\malware.exeC:\Windows\Fonts\times.ttf
18/1/2021 - 12:46:19.856Open2088C:\malware.exeC:\Windows\Fonts\times.ttf
18/1/2021 - 12:46:19.856Open2088C:\malware.exeC:\Windows\Fonts\times.ttf
18/1/2021 - 12:46:19.856Open2088C:\malware.exeC:\Windows\Fonts\timesi.ttf
18/1/2021 - 12:46:19.856Open2088C:\malware.exeC:\Windows\Fonts\timesi.ttf
18/1/2021 - 12:46:19.856Open2088C:\malware.exeC:\Windows\Fonts\timesi.ttf
18/1/2021 - 12:46:19.997Open2088C:\malware.exeC:\Windows\Fonts\timesi.ttf
18/1/2021 - 12:46:20.90Open2088C:\malware.exeC:\Windows\Fonts\timesbd.ttf
18/1/2021 - 12:46:20.90Open2088C:\malware.exeC:\Windows\Fonts\timesbd.ttf
18/1/2021 - 12:46:20.90Open2088C:\malware.exeC:\Windows\Fonts\timesbd.ttf
18/1/2021 - 12:46:20.137Open2088C:\malware.exeC:\Windows\Fonts\timesbd.ttf
18/1/2021 - 12:46:20.137Open2088C:\malware.exeC:\Windows\Fonts\timesbi.ttf
18/1/2021 - 12:46:20.137Open2088C:\malware.exeC:\Windows\Fonts\timesbi.ttf
18/1/2021 - 12:46:20.137Open2088C:\malware.exeC:\Windows\Fonts\timesbi.ttf
18/1/2021 - 12:46:20.278Open2088C:\malware.exeC:\Windows\Fonts\timesbi.ttf
18/1/2021 - 12:46:20.372Open2088C:\malware.exeC:\Windows\Fonts\tunga.ttf
18/1/2021 - 12:46:20.372Open2088C:\malware.exeC:\Windows\Fonts\tunga.ttf
18/1/2021 - 12:46:20.372Open2088C:\malware.exeC:\Windows\Fonts\tunga.ttf
18/1/2021 - 12:46:20.465Open2088C:\malware.exeC:\Windows\Fonts\tunga.ttf
18/1/2021 - 12:46:20.465Open2088C:\malware.exeC:\Windows\Fonts\tungab.ttf
18/1/2021 - 12:46:20.465Open2088C:\malware.exeC:\Windows\Fonts\tungab.ttf
18/1/2021 - 12:46:20.465Open2088C:\malware.exeC:\Windows\Fonts\tungab.ttf
18/1/2021 - 12:46:20.559Open2088C:\malware.exeC:\Windows\Fonts\tungab.ttf
18/1/2021 - 12:46:20.559Open2088C:\malware.exeC:\Windows\Fonts\vrinda.ttf
18/1/2021 - 12:46:20.559Open2088C:\malware.exeC:\Windows\Fonts\vrinda.ttf
18/1/2021 - 12:46:20.559Open2088C:\malware.exeC:\Windows\Fonts\vrinda.ttf
18/1/2021 - 12:46:20.653Open2088C:\malware.exeC:\Windows\Fonts\vrinda.ttf
18/1/2021 - 12:46:20.653Open2088C:\malware.exeC:\Windows\Fonts\vrindab.ttf
18/1/2021 - 12:46:20.653Open2088C:\malware.exeC:\Windows\Fonts\vrindab.ttf
18/1/2021 - 12:46:20.653Open2088C:\malware.exeC:\Windows\Fonts\vrindab.ttf
18/1/2021 - 12:46:20.747Open2088C:\malware.exeC:\Windows\Fonts\vrindab.ttf
18/1/2021 - 12:46:20.747Open2088C:\malware.exeC:\Windows\Fonts\Shonar.ttf
18/1/2021 - 12:46:20.747Open2088C:\malware.exeC:\Windows\Fonts\Shonar.ttf
18/1/2021 - 12:46:20.747Open2088C:\malware.exeC:\Windows\Fonts\Shonar.ttf
18/1/2021 - 12:46:20.840Open2088C:\malware.exeC:\Windows\Fonts\Shonar.ttf
18/1/2021 - 12:46:20.840Open2088C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
18/1/2021 - 12:46:20.840Open2088C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
18/1/2021 - 12:46:20.840Open2088C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
18/1/2021 - 12:46:20.981Open2088C:\malware.exeC:\Windows\Fonts\Shonarb.ttf
18/1/2021 - 12:46:20.981Open2088C:\malware.exeC:\Windows\Fonts\msyi.ttf
18/1/2021 - 12:46:20.981Open2088C:\malware.exeC:\Windows\Fonts\msyi.ttf
18/1/2021 - 12:46:20.981Open2088C:\malware.exeC:\Windows\Fonts\msyi.ttf
18/1/2021 - 12:46:21.122Open2088C:\malware.exeC:\Windows\Fonts\msyi.ttf
18/1/2021 - 12:46:21.122Open2088C:\malware.exeC:\Windows\Fonts\tahoma.ttf
18/1/2021 - 12:46:21.122Open2088C:\malware.exeC:\Windows\Fonts\tahoma.ttf
18/1/2021 - 12:46:21.122Open2088C:\malware.exeC:\Windows\Fonts\tahoma.ttf
18/1/2021 - 12:46:21.168Open2088C:\malware.exeC:\Windows\Fonts\tahoma.ttf
18/1/2021 - 12:46:21.168Open2088C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
18/1/2021 - 12:46:21.168Open2088C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
18/1/2021 - 12:46:21.168Open2088C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
18/1/2021 - 12:46:21.215Open2088C:\malware.exeC:\Windows\Fonts\tahomabd.ttf
18/1/2021 - 12:46:21.309Open2088C:\malware.exeC:\Windows\Fonts\micross.ttf
18/1/2021 - 12:46:21.309Open2088C:\malware.exeC:\Windows\Fonts\micross.ttf
18/1/2021 - 12:46:21.309Open2088C:\malware.exeC:\Windows\Fonts\micross.ttf
18/1/2021 - 12:46:21.309Open2088C:\malware.exeC:\Windows\Fonts\micross.ttf
18/1/2021 - 12:46:21.309Open2088C:\malware.exeC:\Windows\Fonts\angsa.ttf
18/1/2021 - 12:46:21.309Open2088C:\malware.exeC:\Windows\Fonts\angsa.ttf
18/1/2021 - 12:46:21.309Open2088C:\malware.exeC:\Windows\Fonts\angsa.ttf
18/1/2021 - 12:46:21.403Open2088C:\malware.exeC:\Windows\Fonts\angsa.ttf
18/1/2021 - 12:46:21.403Open2088C:\malware.exeC:\Windows\Fonts\angsai.ttf
18/1/2021 - 12:46:21.403Open2088C:\malware.exeC:\Windows\Fonts\angsai.ttf
18/1/2021 - 12:46:21.403Open2088C:\malware.exeC:\Windows\Fonts\angsai.ttf
18/1/2021 - 12:46:21.497Open2088C:\malware.exeC:\Windows\Fonts\angsai.ttf
18/1/2021 - 12:46:21.497Open2088C:\malware.exeC:\Windows\Fonts\angsab.ttf
18/1/2021 - 12:46:21.497Open2088C:\malware.exeC:\Windows\Fonts\angsab.ttf
18/1/2021 - 12:46:21.497Open2088C:\malware.exeC:\Windows\Fonts\angsab.ttf
18/1/2021 - 12:46:21.590Open2088C:\malware.exeC:\Windows\Fonts\angsab.ttf
18/1/2021 - 12:46:21.590Open2088C:\malware.exeC:\Windows\Fonts\angsaz.ttf
18/1/2021 - 12:46:21.590Open2088C:\malware.exeC:\Windows\Fonts\angsaz.ttf
18/1/2021 - 12:46:21.590Open2088C:\malware.exeC:\Windows\Fonts\angsaz.ttf
18/1/2021 - 12:46:21.684Open2088C:\malware.exeC:\Windows\Fonts\angsaz.ttf
18/1/2021 - 12:46:21.684Open2088C:\malware.exeC:\Windows\Fonts\aparaj.ttf
18/1/2021 - 12:46:21.684Open2088C:\malware.exeC:\Windows\Fonts\aparaj.ttf
18/1/2021 - 12:46:21.684Open2088C:\malware.exeC:\Windows\Fonts\aparaj.ttf
18/1/2021 - 12:46:21.778Open2088C:\malware.exeC:\Windows\Fonts\aparaj.ttf
18/1/2021 - 12:46:21.778Open2088C:\malware.exeC:\Windows\Fonts\aparajb.ttf
18/1/2021 - 12:46:21.778Open2088C:\malware.exeC:\Windows\Fonts\aparajb.ttf
18/1/2021 - 12:46:21.778Open2088C:\malware.exeC:\Windows\Fonts\aparajb.ttf
18/1/2021 - 12:46:21.872Open2088C:\malware.exeC:\Windows\Fonts\aparajb.ttf
18/1/2021 - 12:46:21.872Open2088C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
18/1/2021 - 12:46:21.872Open2088C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
18/1/2021 - 12:46:21.872Open2088C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
18/1/2021 - 12:46:21.965Open2088C:\malware.exeC:\Windows\Fonts\aparajbi.ttf
18/1/2021 - 12:46:21.965Open2088C:\malware.exeC:\Windows\Fonts\aparaji.ttf
18/1/2021 - 12:46:21.965Open2088C:\malware.exeC:\Windows\Fonts\aparaji.ttf
18/1/2021 - 12:46:21.965Open2088C:\malware.exeC:\Windows\Fonts\aparaji.ttf
18/1/2021 - 12:46:22.59Open2088C:\malware.exeC:\Windows\Fonts\aparaji.ttf
18/1/2021 - 12:46:22.59Open2088C:\malware.exeC:\Windows\Fonts\cordia.ttf
18/1/2021 - 12:46:22.59Open2088C:\malware.exeC:\Windows\Fonts\cordia.ttf
18/1/2021 - 12:46:22.59Open2088C:\malware.exeC:\Windows\Fonts\cordia.ttf
18/1/2021 - 12:46:22.137Open2088C:\malware.exeC:\Windows\Fonts\cordia.ttf
18/1/2021 - 12:46:22.137Open2088C:\malware.exeC:\Windows\Fonts\cordiai.ttf
18/1/2021 - 12:46:22.137Open2088C:\malware.exeC:\Windows\Fonts\cordiai.ttf
18/1/2021 - 12:46:22.137Open2088C:\malware.exeC:\Windows\Fonts\cordiai.ttf
18/1/2021 - 12:46:22.231Open2088C:\malware.exeC:\Windows\Fonts\cordiai.ttf
18/1/2021 - 12:46:22.231Open2088C:\malware.exeC:\Windows\Fonts\cordiab.ttf
18/1/2021 - 12:46:22.231Open2088C:\malware.exeC:\Windows\Fonts\cordiab.ttf
18/1/2021 - 12:46:22.231Open2088C:\malware.exeC:\Windows\Fonts\cordiab.ttf
18/1/2021 - 12:46:22.325Open2088C:\malware.exeC:\Windows\Fonts\cordiab.ttf
18/1/2021 - 12:46:22.325Open2088C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
18/1/2021 - 12:46:22.325Open2088C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
18/1/2021 - 12:46:22.325Open2088C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
18/1/2021 - 12:46:22.418Open2088C:\malware.exeC:\Windows\Fonts\cordiaz.ttf
18/1/2021 - 12:46:22.418Open2088C:\malware.exeC:\Windows\Fonts\ebrima.ttf
18/1/2021 - 12:46:22.418Open2088C:\malware.exeC:\Windows\Fonts\ebrima.ttf
18/1/2021 - 12:46:22.418Open2088C:\malware.exeC:\Windows\Fonts\ebrima.ttf
18/1/2021 - 12:46:22.559Open2088C:\malware.exeC:\Windows\Fonts\ebrima.ttf
18/1/2021 - 12:46:22.606Open2088C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
18/1/2021 - 12:46:22.606Open2088C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
18/1/2021 - 12:46:22.606Open2088C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
18/1/2021 - 12:46:22.747Open2088C:\malware.exeC:\Windows\Fonts\ebrimabd.ttf
18/1/2021 - 12:46:22.793Open2088C:\malware.exeC:\Windows\Fonts\gisha.ttf
18/1/2021 - 12:46:22.793Open2088C:\malware.exeC:\Windows\Fonts\gisha.ttf
18/1/2021 - 12:46:22.793Open2088C:\malware.exeC:\Windows\Fonts\gisha.ttf
18/1/2021 - 12:46:22.887Open2088C:\malware.exeC:\Windows\Fonts\gisha.ttf
18/1/2021 - 12:46:22.887Open2088C:\malware.exeC:\Windows\Fonts\gishabd.ttf
18/1/2021 - 12:46:22.887Open2088C:\malware.exeC:\Windows\Fonts\gishabd.ttf
18/1/2021 - 12:46:22.887Open2088C:\malware.exeC:\Windows\Fonts\gishabd.ttf
18/1/2021 - 12:46:22.981Open2088C:\malware.exeC:\Windows\Fonts\gishabd.ttf
18/1/2021 - 12:46:22.981Open2088C:\malware.exeC:\Windows\Fonts\kokila.ttf
18/1/2021 - 12:46:22.981Open2088C:\malware.exeC:\Windows\Fonts\kokila.ttf
18/1/2021 - 12:46:22.981Open2088C:\malware.exeC:\Windows\Fonts\kokila.ttf
18/1/2021 - 12:46:23.75Open2088C:\malware.exeC:\Windows\Fonts\kokila.ttf
18/1/2021 - 12:46:23.75Open2088C:\malware.exeC:\Windows\Fonts\kokilab.ttf
18/1/2021 - 12:46:23.75Open2088C:\malware.exeC:\Windows\Fonts\kokilab.ttf
18/1/2021 - 12:46:23.75Open2088C:\malware.exeC:\Windows\Fonts\kokilab.ttf
18/1/2021 - 12:46:23.168Open2088C:\malware.exeC:\Windows\Fonts\kokilab.ttf
18/1/2021 - 12:46:23.168Open2088C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
18/1/2021 - 12:46:23.168Open2088C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
18/1/2021 - 12:46:23.168Open2088C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
18/1/2021 - 12:46:23.262Open2088C:\malware.exeC:\Windows\Fonts\kokilabi.ttf
18/1/2021 - 12:46:23.262Open2088C:\malware.exeC:\Windows\Fonts\kokilai.ttf
18/1/2021 - 12:46:23.262Open2088C:\malware.exeC:\Windows\Fonts\kokilai.ttf
18/1/2021 - 12:46:23.262Open2088C:\malware.exeC:\Windows\Fonts\kokilai.ttf
18/1/2021 - 12:46:23.356Open2088C:\malware.exeC:\Windows\Fonts\kokilai.ttf
18/1/2021 - 12:46:23.356Open2088C:\malware.exeC:\Windows\Fonts\leelawad.ttf
18/1/2021 - 12:46:23.356Open2088C:\malware.exeC:\Windows\Fonts\leelawad.ttf
18/1/2021 - 12:46:23.356Open2088C:\malware.exeC:\Windows\Fonts\leelawad.ttf
18/1/2021 - 12:46:23.450Open2088C:\malware.exeC:\Windows\Fonts\leelawad.ttf
18/1/2021 - 12:46:23.450Open2088C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
18/1/2021 - 12:46:23.450Open2088C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
18/1/2021 - 12:46:23.450Open2088C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
18/1/2021 - 12:46:23.543Open2088C:\malware.exeC:\Windows\Fonts\leelawdb.ttf
18/1/2021 - 12:46:23.543Open2088C:\malware.exeC:\Windows\Fonts\msuighur.ttf
18/1/2021 - 12:46:23.543Open2088C:\malware.exeC:\Windows\Fonts\msuighur.ttf
18/1/2021 - 12:46:23.543Open2088C:\malware.exeC:\Windows\Fonts\msuighur.ttf
18/1/2021 - 12:46:23.684Open2088C:\malware.exeC:\Windows\Fonts\msuighur.ttf
18/1/2021 - 12:46:23.731Open2088C:\malware.exeC:\Windows\Fonts\moolbor.ttf
18/1/2021 - 12:46:23.731Open2088C:\malware.exeC:\Windows\Fonts\moolbor.ttf
18/1/2021 - 12:46:23.731Open2088C:\malware.exeC:\Windows\Fonts\moolbor.ttf
18/1/2021 - 12:46:23.825Open2088C:\malware.exeC:\Windows\Fonts\moolbor.ttf
18/1/2021 - 12:46:23.825Open2088C:\malware.exeC:\Windows\Fonts\symbol.ttf
18/1/2021 - 12:46:23.825Open2088C:\malware.exeC:\Windows\Fonts\symbol.ttf
18/1/2021 - 12:46:23.825Open2088C:\malware.exeC:\Windows\Fonts\symbol.ttf
18/1/2021 - 12:46:23.825Open2088C:\malware.exeC:\Windows\Fonts\symbol.ttf
18/1/2021 - 12:46:23.825Open2088C:\malware.exeC:\Windows\Fonts\utsaah.ttf
18/1/2021 - 12:46:23.825Open2088C:\malware.exeC:\Windows\Fonts\utsaah.ttf
18/1/2021 - 12:46:23.825Open2088C:\malware.exeC:\Windows\Fonts\utsaah.ttf
18/1/2021 - 12:46:23.934Open2088C:\malware.exeC:\Windows\Fonts\utsaah.ttf
18/1/2021 - 12:46:23.934Open2088C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
18/1/2021 - 12:46:23.934Open2088C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
18/1/2021 - 12:46:23.934Open2088C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
18/1/2021 - 12:46:24.28Open2088C:\malware.exeC:\Windows\Fonts\utsaahb.ttf
18/1/2021 - 12:46:24.28Open2088C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
18/1/2021 - 12:46:24.28Open2088C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
18/1/2021 - 12:46:24.28Open2088C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
18/1/2021 - 12:46:24.122Open2088C:\malware.exeC:\Windows\Fonts\utsaahbi.ttf
18/1/2021 - 12:46:24.122Open2088C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
18/1/2021 - 12:46:24.122Open2088C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
18/1/2021 - 12:46:24.122Open2088C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
18/1/2021 - 12:46:24.215Open2088C:\malware.exeC:\Windows\Fonts\utsaahi.ttf
18/1/2021 - 12:46:24.215Open2088C:\malware.exeC:\Windows\Fonts\vijaya.ttf
18/1/2021 - 12:46:24.215Open2088C:\malware.exeC:\Windows\Fonts\vijaya.ttf
18/1/2021 - 12:46:24.215Open2088C:\malware.exeC:\Windows\Fonts\vijaya.ttf
18/1/2021 - 12:46:24.309Open2088C:\malware.exeC:\Windows\Fonts\vijaya.ttf
18/1/2021 - 12:46:24.309Open2088C:\malware.exeC:\Windows\Fonts\vijayab.ttf
18/1/2021 - 12:46:24.309Open2088C:\malware.exeC:\Windows\Fonts\vijayab.ttf
18/1/2021 - 12:46:24.309Open2088C:\malware.exeC:\Windows\Fonts\vijayab.ttf
18/1/2021 - 12:46:24.403Open2088C:\malware.exeC:\Windows\Fonts\vijayab.ttf
18/1/2021 - 12:46:24.403Open2088C:\malware.exeC:\Windows\Fonts\wingding.ttf
18/1/2021 - 12:46:24.403Open2088C:\malware.exeC:\Windows\Fonts\wingding.ttf
18/1/2021 - 12:46:24.403Open2088C:\malware.exeC:\Windows\Fonts\wingding.ttf
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\wingding.ttf
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\modern.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\modern.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\modern.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\roman.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\roman.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\roman.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\script.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\script.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\script.fon
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\andlso.ttf
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\andlso.ttf
18/1/2021 - 12:46:24.497Open2088C:\malware.exeC:\Windows\Fonts\andlso.ttf
18/1/2021 - 12:46:24.590Open2088C:\malware.exeC:\Windows\Fonts\andlso.ttf
18/1/2021 - 12:46:24.590Open2088C:\malware.exeC:\Windows\Fonts\arabtype.ttf
18/1/2021 - 12:46:24.590Open2088C:\malware.exeC:\Windows\Fonts\arabtype.ttf
18/1/2021 - 12:46:24.590Open2088C:\malware.exeC:\Windows\Fonts\arabtype.ttf
18/1/2021 - 12:46:24.731Open2088C:\malware.exeC:\Windows\Fonts\arabtype.ttf
18/1/2021 - 12:46:24.918Open2088C:\malware.exeC:\Windows\Fonts\simpo.ttf
18/1/2021 - 12:46:24.918Open2088C:\malware.exeC:\Windows\Fonts\simpo.ttf
18/1/2021 - 12:46:24.918Open2088C:\malware.exeC:\Windows\Fonts\simpo.ttf
18/1/2021 - 12:46:25.12Open2088C:\malware.exeC:\Windows\Fonts\simpo.ttf
18/1/2021 - 12:46:25.12Open2088C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
18/1/2021 - 12:46:25.12Open2088C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
18/1/2021 - 12:46:25.12Open2088C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
18/1/2021 - 12:46:25.106Open2088C:\malware.exeC:\Windows\Fonts\simpbdo.ttf
18/1/2021 - 12:46:25.106Open2088C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
18/1/2021 - 12:46:25.106Open2088C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
18/1/2021 - 12:46:25.106Open2088C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
18/1/2021 - 12:46:25.200Open2088C:\malware.exeC:\Windows\Fonts\simpfxo.ttf
18/1/2021 - 12:46:25.200Open2088C:\malware.exeC:\Windows\Fonts\majalla.ttf
18/1/2021 - 12:46:25.200Open2088C:\malware.exeC:\Windows\Fonts\majalla.ttf
18/1/2021 - 12:46:25.200Open2088C:\malware.exeC:\Windows\Fonts\majalla.ttf
18/1/2021 - 12:46:25.340Open2088C:\malware.exeC:\Windows\Fonts\majalla.ttf
18/1/2021 - 12:46:25.481Open2088C:\malware.exeC:\Windows\Fonts\majallab.ttf
18/1/2021 - 12:46:25.481Open2088C:\malware.exeC:\Windows\Fonts\majallab.ttf
18/1/2021 - 12:46:25.481Open2088C:\malware.exeC:\Windows\Fonts\majallab.ttf
18/1/2021 - 12:46:25.622Open2088C:\malware.exeC:\Windows\Fonts\majallab.ttf
18/1/2021 - 12:46:25.762Open2088C:\malware.exeC:\Windows\Fonts\trado.ttf
18/1/2021 - 12:46:25.762Open2088C:\malware.exeC:\Windows\Fonts\trado.ttf
18/1/2021 - 12:46:25.762Open2088C:\malware.exeC:\Windows\Fonts\trado.ttf
18/1/2021 - 12:46:25.856Open2088C:\malware.exeC:\Windows\Fonts\trado.ttf
18/1/2021 - 12:46:25.856Open2088C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
18/1/2021 - 12:46:25.856Open2088C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
18/1/2021 - 12:46:25.856Open2088C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
18/1/2021 - 12:46:25.950Open2088C:\malware.exeC:\Windows\Fonts\tradbdo.ttf
18/1/2021 - 12:46:25.950Open2088C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
18/1/2021 - 12:46:25.950Open2088C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
18/1/2021 - 12:46:25.950Open2088C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
18/1/2021 - 12:46:26.43Open2088C:\malware.exeC:\Windows\Fonts\ahronbd.ttf
18/1/2021 - 12:46:26.43Open2088C:\malware.exeC:\Windows\Fonts\david.ttf
18/1/2021 - 12:46:26.43Open2088C:\malware.exeC:\Windows\Fonts\david.ttf
18/1/2021 - 12:46:26.43Open2088C:\malware.exeC:\Windows\Fonts\david.ttf
18/1/2021 - 12:46:26.137Open2088C:\malware.exeC:\Windows\Fonts\david.ttf
18/1/2021 - 12:46:26.137Open2088C:\malware.exeC:\Windows\Fonts\davidbd.ttf
18/1/2021 - 12:46:26.137Open2088C:\malware.exeC:\Windows\Fonts\davidbd.ttf
18/1/2021 - 12:46:26.137Open2088C:\malware.exeC:\Windows\Fonts\davidbd.ttf
18/1/2021 - 12:46:26.231Open2088C:\malware.exeC:\Windows\Fonts\davidbd.ttf
18/1/2021 - 12:46:26.231Open2088C:\malware.exeC:\Windows\Fonts\frank.ttf
18/1/2021 - 12:46:26.231Open2088C:\malware.exeC:\Windows\Fonts\frank.ttf
18/1/2021 - 12:46:26.231Open2088C:\malware.exeC:\Windows\Fonts\frank.ttf
18/1/2021 - 12:46:26.325Open2088C:\malware.exeC:\Windows\Fonts\frank.ttf
18/1/2021 - 12:46:26.325Open2088C:\malware.exeC:\Windows\Fonts\lvnm.ttf
18/1/2021 - 12:46:26.325Open2088C:\malware.exeC:\Windows\Fonts\lvnm.ttf
18/1/2021 - 12:46:26.325Open2088C:\malware.exeC:\Windows\Fonts\lvnm.ttf
18/1/2021 - 12:46:26.418Open2088C:\malware.exeC:\Windows\Fonts\lvnm.ttf
18/1/2021 - 12:46:26.418Open2088C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
18/1/2021 - 12:46:26.418Open2088C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
18/1/2021 - 12:46:26.418Open2088C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
18/1/2021 - 12:46:26.512Open2088C:\malware.exeC:\Windows\Fonts\lvnmbd.ttf
18/1/2021 - 12:46:26.512Open2088C:\malware.exeC:\Windows\Fonts\mriam.ttf
18/1/2021 - 12:46:26.512Open2088C:\malware.exeC:\Windows\Fonts\mriam.ttf
18/1/2021 - 12:46:26.512Open2088C:\malware.exeC:\Windows\Fonts\mriam.ttf
18/1/2021 - 12:46:26.606Open2088C:\malware.exeC:\Windows\Fonts\mriam.ttf
18/1/2021 - 12:46:26.606Open2088C:\malware.exeC:\Windows\Fonts\mriamc.ttf
18/1/2021 - 12:46:26.606Open2088C:\malware.exeC:\Windows\Fonts\mriamc.ttf
18/1/2021 - 12:46:26.606Open2088C:\malware.exeC:\Windows\Fonts\mriamc.ttf
18/1/2021 - 12:46:26.700Open2088C:\malware.exeC:\Windows\Fonts\mriamc.ttf
18/1/2021 - 12:46:26.700Open2088C:\malware.exeC:\Windows\Fonts\nrkis.ttf
18/1/2021 - 12:46:26.700Open2088C:\malware.exeC:\Windows\Fonts\nrkis.ttf
18/1/2021 - 12:46:26.700Open2088C:\malware.exeC:\Windows\Fonts\nrkis.ttf
18/1/2021 - 12:46:26.793Open2088C:\malware.exeC:\Windows\Fonts\nrkis.ttf
18/1/2021 - 12:46:26.793Open2088C:\malware.exeC:\Windows\Fonts\rod.ttf
18/1/2021 - 12:46:26.793Open2088C:\malware.exeC:\Windows\Fonts\rod.ttf
18/1/2021 - 12:46:26.793Open2088C:\malware.exeC:\Windows\Fonts\rod.ttf
18/1/2021 - 12:46:26.887Open2088C:\malware.exeC:\Windows\Fonts\rod.ttf
18/1/2021 - 12:46:26.887Open2088C:\malware.exeC:\Windows\Fonts\simfang.ttf
18/1/2021 - 12:46:26.887Open2088C:\malware.exeC:\Windows\Fonts\simfang.ttf
18/1/2021 - 12:46:26.887Open2088C:\malware.exeC:\Windows\Fonts\simfang.ttf
18/1/2021 - 12:46:27.168Open2088C:\malware.exeC:\Windows\Fonts\simfang.ttf
18/1/2021 - 12:46:27.262Open2088C:\malware.exeC:\Windows\Fonts\simhei.ttf
18/1/2021 - 12:46:27.262Open2088C:\malware.exeC:\Windows\Fonts\simhei.ttf
18/1/2021 - 12:46:27.262Open2088C:\malware.exeC:\Windows\Fonts\simhei.ttf
18/1/2021 - 12:46:27.543Open2088C:\malware.exeC:\Windows\Fonts\simhei.ttf
18/1/2021 - 12:46:27.637Open2088C:\malware.exeC:\Windows\Fonts\simkai.ttf
18/1/2021 - 12:46:27.637Open2088C:\malware.exeC:\Windows\Fonts\simkai.ttf
18/1/2021 - 12:46:27.637Open2088C:\malware.exeC:\Windows\Fonts\simkai.ttf
18/1/2021 - 12:46:27.918Open2088C:\malware.exeC:\Windows\Fonts\simkai.ttf
18/1/2021 - 12:46:28.12Open2088C:\malware.exeC:\Windows\Fonts\angsau.ttf
18/1/2021 - 12:46:28.12Open2088C:\malware.exeC:\Windows\Fonts\angsau.ttf
18/1/2021 - 12:46:28.12Open2088C:\malware.exeC:\Windows\Fonts\angsau.ttf
18/1/2021 - 12:46:28.106Open2088C:\malware.exeC:\Windows\Fonts\angsau.ttf
18/1/2021 - 12:46:28.106Open2088C:\malware.exeC:\Windows\Fonts\angsaui.ttf
18/1/2021 - 12:46:28.106Open2088C:\malware.exeC:\Windows\Fonts\angsaui.ttf
18/1/2021 - 12:46:28.106Open2088C:\malware.exeC:\Windows\Fonts\angsaui.ttf
18/1/2021 - 12:46:28.200Open2088C:\malware.exeC:\Windows\Fonts\angsaui.ttf
18/1/2021 - 12:46:28.200Open2088C:\malware.exeC:\Windows\Fonts\angsaub.ttf
18/1/2021 - 12:46:28.200Open2088C:\malware.exeC:\Windows\Fonts\angsaub.ttf
18/1/2021 - 12:46:28.200Open2088C:\malware.exeC:\Windows\Fonts\angsaub.ttf
18/1/2021 - 12:46:28.293Open2088C:\malware.exeC:\Windows\Fonts\angsaub.ttf
18/1/2021 - 12:46:28.293Open2088C:\malware.exeC:\Windows\Fonts\angsauz.ttf
18/1/2021 - 12:46:28.293Open2088C:\malware.exeC:\Windows\Fonts\angsauz.ttf
18/1/2021 - 12:46:28.293Open2088C:\malware.exeC:\Windows\Fonts\angsauz.ttf
18/1/2021 - 12:46:28.387Open2088C:\malware.exeC:\Windows\Fonts\angsauz.ttf
18/1/2021 - 12:46:28.387Open2088C:\malware.exeC:\Windows\Fonts\browa.ttf
18/1/2021 - 12:46:44.418Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:44.465Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:44.512Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:44.559Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:44.653Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:44.700Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:44.747Open2088C:\malware.exeC:\Windows\Globalization\en-us.nlp
18/1/2021 - 12:46:44.747Open2088C:\malware.exeC:\Windows\Globalization\pt.nlp
18/1/2021 - 12:46:44.747Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:44.793Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:44.840Unknown2088C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:46:44.840Open2088C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
18/1/2021 - 12:46:44.981Open2088C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
18/1/2021 - 12:46:45.75Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.122Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:45.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:45.262Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.403Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.497Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.543Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.778Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.825Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:45.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:45.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:45.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:46.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.247Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:46:46.387Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.434Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.481Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.528Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.622Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:46.668Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:46.715Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:46.762Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.809Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:46.856Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:46:46.903Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:46.950Open2088C:\malware.exeC:\malware.config
18/1/2021 - 12:46:46.950Open2088C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
18/1/2021 - 12:46:46.997Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
18/1/2021 - 12:46:46.997Open2088C:\malware.exeC:\Windows\assembly\GAC\System.Windows.Forms.resources\2.0.0.0_pt_b77a5c561934e089
18/1/2021 - 12:46:46.997Open2088C:\malware.exeC:\pt\System.Windows.Forms.resources.dll
18/1/2021 - 12:46:46.997Open2088C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.dll
18/1/2021 - 12:46:46.997Open2088C:\malware.exeC:\pt\System.Windows.Forms.resources.exe
18/1/2021 - 12:46:46.997Open2088C:\malware.exeC:\pt\System.Windows.Forms.resources\System.Windows.Forms.resources.exe
18/1/2021 - 12:46:47.43Open2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/1/2021 - 12:46:47.43Open2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\malware.exe.Local
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:46:47.231Unknown2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:46:47.231Unknown2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:46:47.231Unknown2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\Windows\assembly\GAC_32\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:46:47.231Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:46:47.231Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.325Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.325Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.325Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.372Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.418Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.465Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.465Read2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.512Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:46:47.512Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:46:47.512Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.512Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.512Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.512Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.512Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.512Unknown2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dllSystem.Windows.Forms.resources.dll
18/1/2021 - 12:46:47.512Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:47.512Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:47.559Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:47.559Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:47.606Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:47.653Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:47.700Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:47.700Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:47.747Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:47.793Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:47.793Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:47.840Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:47.887Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:47.934Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:47.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:47.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:47.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.28Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.75Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:48.122Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:48.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:48.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.262Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.403Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:48.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.543Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.590Open2088C:\malware.exeC:\Windows\Fonts\StaticCache.dat
18/1/2021 - 12:46:48.590Read2088C:\malware.exeC:\Windows\Fonts\StaticCache.datStaticCache.dat
18/1/2021 - 12:46:48.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.684Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.731Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.778Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.825Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.872Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.918Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:48.965Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.12Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.59Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.106Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.153Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.200Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.247Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.293Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.340Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\comctl32.dll
18/1/2021 - 12:46:49.340Open2088C:\malware.exeC:\malware.exe.Local
18/1/2021 - 12:46:49.340Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:46:49.340Unknown2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:46:49.340Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:46:49.340Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
18/1/2021 - 12:46:49.340Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
18/1/2021 - 12:46:49.340Open2088C:\malware.exeC:\Windows\WindowsShell.Manifest
18/1/2021 - 12:46:49.340Unknown2088C:\malware.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
18/1/2021 - 12:46:49.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.340Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.403Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:49.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:49.543Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.684Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.731Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:49.778Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:50.28Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:46:50.75Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:46:50.122Open2088C:\malware.exeC:\pt-BR\UuwsCUmKhlFdbkSrDj.resources.dll
18/1/2021 - 12:46:50.122Open2088C:\malware.exeC:\pt-BR\UuwsCUmKhlFdbkSrDj.resources\UuwsCUmKhlFdbkSrDj.resources.dll
18/1/2021 - 12:46:50.122Open2088C:\malware.exeC:\pt-BR\UuwsCUmKhlFdbkSrDj.resources.exe
18/1/2021 - 12:46:50.122Open2088C:\malware.exeC:\pt-BR\UuwsCUmKhlFdbkSrDj.resources\UuwsCUmKhlFdbkSrDj.resources.exe
18/1/2021 - 12:46:50.122Open2088C:\malware.exeC:\pt\UuwsCUmKhlFdbkSrDj.resources.dll
18/1/2021 - 12:46:59.90Write2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.90Write2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.90Read2088C:\malware.exeC:\malware.exe
18/1/2021 - 12:46:59.90Read2088C:\malware.exeC:\malware.exe
18/1/2021 - 12:46:59.90Write2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.90Write2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.90Write2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.90Write2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.90Read2088C:\malware.exeC:\malware.exe
18/1/2021 - 12:46:59.90Read2088C:\malware.exeC:\malware.exe
18/1/2021 - 12:46:59.90Write2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.90Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.90Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:59.137Open2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.137Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.184Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.184Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:59.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:59.325Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:59.372Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:59.465Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:59.465Open2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.465Open2088C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:46:59.465Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:46:59.465Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\CYLySYZ.exe
18/1/2021 - 12:46:59.465Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:46:59.465Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.559Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.606Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.653Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.700Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.747Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.793Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.840Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.887Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.934Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:46:59.981Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.28Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.75Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.122Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.168Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.215Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
18/1/2021 - 12:47:0.215Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
18/1/2021 - 12:47:0.215Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:0.215Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:0.215Write2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:0.215Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:0.215Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.262Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.309Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.356Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.403Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.450Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.497Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.543Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.590Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.637Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Monitor
18/1/2021 - 12:47:0.684Unknown2088C:\malware.exeC:\Monitor
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\PROPSYS.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\propsys.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\propsys.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\shell32.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\malware.exe.Local
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:47:0.684Unknown2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\apphelp.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.684Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\
18/1/2021 - 12:47:0.684Unknown2088C:\malware.exeC:\
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.684Unknown2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.684Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.684Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.684Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Read2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Unknown2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
18/1/2021 - 12:47:0.700Unknown2088C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
18/1/2021 - 12:47:0.700Open2088C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
18/1/2021 - 12:47:0.700Unknown2088C:\malware.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\Windows\SysWOW64\ieframe.dll
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\malware.exe.Local
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:47:0.715Unknown2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\Monitor\schtasks.exe
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\
18/1/2021 - 12:47:0.715Unknown2088C:\malware.exeC:\
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.715Unknown2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.715Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.715Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
18/1/2021 - 12:47:0.731Read2088C:\malware.exeC:\Users\Behemot\Desktop\desktop.ini
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\SysWOW64\propsys.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\SysWOW64\propsys.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\System32\propsys.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\SysWOW64\propsys.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\SysWOW64\propsys.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\System32\propsys.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\SysWOW64\urlmon.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Secur32.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\SysWOW64\secur32.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Windows\SysWOW64\secur32.dll
18/1/2021 - 12:47:0.731Open2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
18/1/2021 - 12:47:0.731Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\
18/1/2021 - 12:47:0.793Unknown2088C:\malware.exeC:\
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.793Unknown2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.793Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.793Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.793Unknown2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.793Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
18/1/2021 - 12:47:0.809Open2088C:\malware.exeC:\Monitor
18/1/2021 - 12:47:0.809Unknown2088C:\malware.exeC:\Monitor
18/1/2021 - 12:47:0.809Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.997Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\
18/1/2021 - 12:47:0.997Unknown2088C:\malware.exeC:\
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.997Unknown2088C:\malware.exeC:\Windows
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.997Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.997Unknown2088C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.997Read2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.997Read2088C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:0.997Open2088C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
18/1/2021 - 12:47:0.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:0.997Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows
18/1/2021 - 12:47:1.43Unknown2744C:\Windows\SysWOW64\schtasks.exeC:\Windows
18/1/2021 - 12:47:1.43Open2744C:\Windows\SysWOW64\schtasks.exeC:\Monitor
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\CRYPTSP.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\RpcRtRemote.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
18/1/2021 - 12:47:1.122Unknown2088C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
18/1/2021 - 12:47:1.122Open2088C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
18/1/2021 - 12:47:1.122Unknown2088C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
18/1/2021 - 12:47:1.278Read2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:1.278Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:47:1.278Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:47:1.278Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
18/1/2021 - 12:47:1.293Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
18/1/2021 - 12:47:1.293Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:47:1.293Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:47:1.293Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:47:1.293Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:47:1.293Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:47:1.293Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:47:1.293Read2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
18/1/2021 - 12:47:1.340Unknown2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
18/1/2021 - 12:47:1.340Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
18/1/2021 - 12:47:1.528Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
18/1/2021 - 12:47:1.528Open2744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
18/1/2021 - 12:47:1.622Open2744C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:1.622Read2744C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:1.622Read2744C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:3.28Unknown2744C:\Windows\SysWOW64\schtasks.exeC:\Windows
18/1/2021 - 12:47:3.28Unknown2744C:\Windows\SysWOW64\schtasks.exeC:\Monitor
18/1/2021 - 12:47:3.90Open2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:3.90Open2088C:\malware.exeC:\Monitor\Files\DeletedFiles
18/1/2021 - 12:47:3.90Delete2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:3.90Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:3.90Unknown2088C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp2F46.tmp
18/1/2021 - 12:47:3.90Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:3.137Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:3.184Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:3.231Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:3.278Open2088C:\malware.exeC:\malware.exe
18/1/2021 - 12:47:3.278Unknown2088C:\malware.exeC:\malware.exe
18/1/2021 - 12:47:3.325Read2088C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
18/1/2021 - 12:47:3.325Read2608C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
18/1/2021 - 12:47:3.325Open2608C:\malware.exe\Device\HarddiskVolume2
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Monitor
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Monitor
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Monitor
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Monitor\Malware
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Monitor\Malware
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Monitor\Malware
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Local
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
18/1/2021 - 12:47:3.325Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
18/1/2021 - 12:47:3.325Open2608C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
18/1/2021 - 12:47:3.715Open2608C:\malware.exeC:\malware.exe.Local
18/1/2021 - 12:47:3.715Open2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:3.715Unknown2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:3.715Open2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:3.715Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.200Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.247Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.340Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\pubpol4.dat
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/1/2021 - 12:47:4.340Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:47:4.340Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:47:4.340Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:47:4.340Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:47:4.340Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
18/1/2021 - 12:47:4.340Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:4.340Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:4.340Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:4.434Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.481Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.528Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.575Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.622Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.668Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.715Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.762Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.809Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.856Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.903Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.950Open2608C:\malware.exeC:\Windows\Globalization\pt-br.nlp
18/1/2021 - 12:47:4.950Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:4.997Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:5.43Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:5.90Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.137Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:5.137Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:5.137Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\VERSION.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/1/2021 - 12:47:5.137Read2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/1/2021 - 12:47:5.184Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.231Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.278Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.325Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.372Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.418Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.465Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.512Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.606Open2608C:\malware.exeC:\CRYPTSP.dll
18/1/2021 - 12:47:5.606Open2608C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/1/2021 - 12:47:5.606Open2608C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/1/2021 - 12:47:5.606Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.606Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Open2608C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:5.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:5.700Open2608C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
18/1/2021 - 12:47:5.700Open2608C:\malware.exeC:\bcrypt.dll
18/1/2021 - 12:47:5.700Open2608C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
18/1/2021 - 12:47:5.700Open2608C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
18/1/2021 - 12:47:5.778Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:15.840Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:15.887Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:15.934Open2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
18/1/2021 - 12:47:16.28Unknown2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.28Open2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
18/1/2021 - 12:47:16.28Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.75Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.122Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.168Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.215Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.262Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.309Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.356Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.403Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:16.497Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
18/1/2021 - 12:47:16.497Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.543Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.590Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.637Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.684Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.731Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.778Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.825Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.872Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.918Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:16.965Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.12Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.59Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.106Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.153Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.200Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.247Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.293Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.340Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.387Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.434Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:17.528Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:47:17.528Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
18/1/2021 - 12:47:17.528Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\wmiutils.dll
18/1/2021 - 12:47:17.528Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\wbemcomn.dll
18/1/2021 - 12:47:17.528Open2608C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
18/1/2021 - 12:47:17.528Open2608C:\malware.exeC:\Windows\SysWOW64\wbemcomn.dll
18/1/2021 - 12:47:17.528Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
18/1/2021 - 12:47:17.528Unknown2608C:\malware.exeC:\Windows\SysWOW64\wbem\Logs
18/1/2021 - 12:47:17.684Open2608C:\malware.exeC:\RpcRtRemote.dll
18/1/2021 - 12:47:17.684Open2608C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
18/1/2021 - 12:47:17.684Unknown2608C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
18/1/2021 - 12:47:17.684Open2608C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
18/1/2021 - 12:47:17.684Unknown2608C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
18/1/2021 - 12:47:17.778Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
18/1/2021 - 12:47:17.778Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\wbemprox.dll
18/1/2021 - 12:47:18.12Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:18.59Open2608C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
18/1/2021 - 12:47:18.59Open2608C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
18/1/2021 - 12:47:18.59Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
18/1/2021 - 12:47:18.106Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
18/1/2021 - 12:47:18.106Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
18/1/2021 - 12:47:18.106Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
18/1/2021 - 12:47:18.153Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
18/1/2021 - 12:47:18.200Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
18/1/2021 - 12:47:18.247Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
18/1/2021 - 12:47:18.293Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
18/1/2021 - 12:47:18.293Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
18/1/2021 - 12:47:18.293Open2608C:\malware.exeC:\malware.exe.Local
18/1/2021 - 12:47:18.293Open2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:18.293Unknown2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:18.293Open2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:18.293Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dllWMINet_Utils.dll
18/1/2021 - 12:47:18.293Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:18.293Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:18.528Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
18/1/2021 - 12:47:18.528Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll
18/1/2021 - 12:47:18.575Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
18/1/2021 - 12:47:18.575Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\fastprox.dll
18/1/2021 - 12:47:18.622Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\NTDSAPI.dll
18/1/2021 - 12:47:18.622Open2608C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
18/1/2021 - 12:47:18.622Open2608C:\malware.exeC:\Windows\SysWOW64\ntdsapi.dll
18/1/2021 - 12:47:18.668Read2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
18/1/2021 - 12:47:18.950Open2608C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
18/1/2021 - 12:47:20.528Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
18/1/2021 - 12:47:23.606Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\pt-BR\wmiutils.dll.mui
18/1/2021 - 12:47:23.606Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\pt\wmiutils.dll.mui
18/1/2021 - 12:47:23.606Open2608C:\malware.exeC:\Windows\SysWOW64\wbem\en-US\wmiutils.dll.mui
18/1/2021 - 12:47:23.606Read2608C:\malware.exeC:\Windows\SysWOW64\wbem\en-US\wmiutils.dll.muiwmiutils.dll.mui
18/1/2021 - 12:47:23.606Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:23.606Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dllSystem.Management.ni.dll
18/1/2021 - 12:47:23.606Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\7f956ed0-7a78-46a4-fdbd-4d7f5580cbeb
18/1/2021 - 12:47:23.637Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\7f956ed0-7a78-46a4-fdbd-4d7f5580cbeb
18/1/2021 - 12:47:23.637Write2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\7f956ed0-7a78-46a4-fdbd-4d7f5580cbeb7f956ed0-7a78-46a4-fdbd-4d7f5580cbeb
18/1/2021 - 12:47:23.637Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:23.637Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:23.637Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:23.637Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:23.637Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/1/2021 - 12:47:23.653Open2608C:\malware.exeC:\dwmapi.dll
18/1/2021 - 12:47:23.653Open2608C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
18/1/2021 - 12:47:23.653Open2608C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
18/1/2021 - 12:47:23.668Open2608C:\malware.exeC:\malware.config
18/1/2021 - 12:47:23.668Open2608C:\malware.exeC:\pt-BR\RebornX Stub.resources.dll
18/1/2021 - 12:47:23.668Open2608C:\malware.exeC:\pt-BR\RebornX Stub.resources\RebornX Stub.resources.dll
18/1/2021 - 12:47:23.668Open2608C:\malware.exeC:\pt-BR\RebornX Stub.resources.exe
18/1/2021 - 12:47:23.668Open2608C:\malware.exeC:\pt-BR\RebornX Stub.resources\RebornX Stub.resources.exe
18/1/2021 - 12:47:23.668Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/1/2021 - 12:47:23.668Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\malware.exe.Local
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:23.731Unknown2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:23.731Unknown2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\Globalization\pt.nlp
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\pt\RebornX Stub.resources.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\pt\RebornX Stub.resources\RebornX Stub.resources.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\pt\RebornX Stub.resources.exe
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\pt\RebornX Stub.resources\RebornX Stub.resources.exe
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\QzDGyxVeWfqjPDajvIpgckKtqCJib.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\QzDGyxVeWfqjPDajvIpgckKtqCJib\QzDGyxVeWfqjPDajvIpgckKtqCJib.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\QzDGyxVeWfqjPDajvIpgckKtqCJib.exe
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\QzDGyxVeWfqjPDajvIpgckKtqCJib\QzDGyxVeWfqjPDajvIpgckKtqCJib.exe
18/1/2021 - 12:47:23.731Read2608C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
18/1/2021 - 12:47:23.731Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\shfolder.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:23.731Unknown2608C:\malware.exeC:\Windows\SysWOW64
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
18/1/2021 - 12:47:23.731Open2608C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
18/1/2021 - 12:47:23.747Open2608C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
18/1/2021 - 12:47:23.747Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/1/2021 - 12:47:23.747Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/1/2021 - 12:47:23.747Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:47:23.747Open2608C:\malware.exeC:\
18/1/2021 - 12:47:23.747Unknown2608C:\malware.exeC:\
18/1/2021 - 12:47:23.747Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/1/2021 - 12:47:23.747Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/1/2021 - 12:47:23.747Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/1/2021 - 12:47:23.747Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/1/2021 - 12:47:23.747Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:47:23.747Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:47:23.747Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:47:23.747Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ui\SwDRM.dll
18/1/2021 - 12:47:23.809Open2608C:\malware.exeC:\ntdll.dll
18/1/2021 - 12:47:23.809Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:23.809Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:23.809Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Prefetch\VBC.EXE-7A16F53F.pf
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64log.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows
18/1/2021 - 12:47:23.809Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Monitor
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe.Local
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:47:23.809Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:47:23.809Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:47:23.825Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:47:23.825Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc_lng.ini
18/1/2021 - 12:47:23.825Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\Low
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\Low
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:23.840Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:23.840Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:47:23.903Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp
18/1/2021 - 12:47:23.903Unknown192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp
18/1/2021 - 12:47:23.903Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:23.903Open192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:23.903Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:23.903Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:23.918Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:23.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.59Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.106Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.153Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.200Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.247Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.293Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.340Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.387Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.434Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.481Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.528Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.575Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.622Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.668Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.715Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.762Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.809Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.809Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:24.809Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:24.809Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:24.856Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.903Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.950Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:24.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.43Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.90Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.137Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.184Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.231Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.278Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.325Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.372Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.418Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.465Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.512Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.559Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.622Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.668Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.715Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.762Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.809Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.809Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:25.809Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:25.809Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:25.856Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.934Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:25.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.75Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.122Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.168Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.215Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.262Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.309Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.356Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.403Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.450Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.497Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.543Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.590Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.637Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.684Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.731Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.778Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.825Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.825Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:26.825Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:26.825Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:26.903Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.950Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:26.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.43Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.90Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.137Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.184Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.231Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.278Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.325Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.372Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.418Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.465Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.512Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.559Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.606Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.653Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.700Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.747Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.793Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.840Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.840Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:27.840Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:27.840Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:27.887Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.934Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:27.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.75Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.122Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.168Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.215Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.262Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.309Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.356Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.403Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.450Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.497Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.543Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.590Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.637Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.684Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.731Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.778Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.825Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.872Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.872Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:28.872Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:28.872Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:28.918Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:28.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.59Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.106Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.153Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.200Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.247Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.293Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.340Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.387Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.434Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.481Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.528Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.575Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.622Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.668Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.715Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.762Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.809Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.856Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.903Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.903Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:29.903Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:29.903Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:29.950Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:29.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.59Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.106Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.153Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.200Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.247Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.293Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.340Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.387Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.434Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.481Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.528Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.528Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.575Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.622Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.668Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.715Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.762Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.809Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.856Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.903Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.903Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:30.903Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:30.903Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:30.950Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:30.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.43Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.90Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.137Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.184Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.231Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.278Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.325Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.372Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.418Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.465Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.512Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.559Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.606Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.653Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.700Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.747Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.793Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.840Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.887Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.934Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:31.934Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:31.934Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:31.934Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:31.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:32.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.12Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:38.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.59Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.106Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.106Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:38.106Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:38.106Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:38.153Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.200Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:38.247Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.293Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.340Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.387Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.434Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.481Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.528Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.575Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.622Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:38.668Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.715Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.762Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.809Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.856Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.903Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.950Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:38.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.43Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:39.90Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.137Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.137Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:39.137Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:39.137Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:39.184Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.231Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.278Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.325Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.372Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.418Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.465Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:39.512Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.559Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.606Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.653Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.700Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.747Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.793Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.840Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.887Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:39.934Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:39.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.75Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.122Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.168Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.168Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:40.168Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:40.168Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:40.215Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.262Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.309Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:40.356Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.403Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.450Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.497Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.543Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.590Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.637Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.684Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.731Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:40.778Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.825Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.872Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.918Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:40.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.59Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.106Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.153Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:41.200Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.200Open2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:41.200Read2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:41.200Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:41.247Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.293Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.340Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.387Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.434Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.481Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.528Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.575Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:41.622Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.668Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.715Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.762Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.809Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.856Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.903Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.950Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.965Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.981Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:41.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:41.997Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:42.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.12Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.12Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.28Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.43Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:42.43Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.965Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:45.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.965Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.981Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Read192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:47:45.997Write192C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Unknown | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Read | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Read | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Read | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Read | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Unknown | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Monitor\Files\DeletedFiles
18/1/2021 - 12:47:46.90 | Delete | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Unknown | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Unknown | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\bhv8BCD.tmp
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CRYPTSP.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\cryptsp.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\cryptsp.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.106 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.106 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\rsaenh.dll
18/1/2021 - 12:47:46.153 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\pstorec.dll
18/1/2021 - 12:47:46.153 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\pstorec.dll
18/1/2021 - 12:47:46.153 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\pstorec.dll
18/1/2021 - 12:47:46.153 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ATL.DLL
18/1/2021 - 12:47:46.153 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\atl.dll
18/1/2021 - 12:47:46.153 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\atl.dll
18/1/2021 - 12:47:46.293 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:46.293 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:46.293 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:47.325 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:47.325 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:47.325 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:48.356 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:48.356 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:48.356 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:49.387 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:49.387 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:49.387 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:50.418 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:50.418 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:50.418 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:51.215 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vaultcli.dll
18/1/2021 - 12:47:51.215 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\vaultcli.dll
18/1/2021 - 12:47:51.215 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\SysWOW64\vaultcli.dll
18/1/2021 - 12:47:51.450 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:51.450 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:51.450 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:47:52.90 | Unknown | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Profiles\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\Profiles\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Mozilla\Firefox\Profiles\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\Profiles\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Mozilla\SeaMonkey\Profiles\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Program Files (x86)\Sea Monkey\nss3.dll
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Vivaldi\User Data\Default\Login Data
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Google\Chrome SxS\User Data\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Chromium\User Data\
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Apple Computer\Preferences\keychain.plist
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Opera\Opera\wand.dat
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Opera\Opera7\profile\wand.dat
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Opera
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable\Login Data
18/1/2021 - 12:47:52.90 | Open | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:52.90 | Write | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:52.90 | Unknown | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows
18/1/2021 - 12:47:52.90 | Unknown | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Monitor
18/1/2021 - 12:47:52.90 | Unknown | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:47:52.450 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:52.450 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:52.450 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:52.450 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:53.481 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:53.481 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:53.481 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:53.481 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:54.512 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:54.512 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:54.512 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:54.512 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:55.543 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:55.543 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:55.543 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:55.543 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:56.575 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:56.575 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:56.575 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:56.575 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:57.606 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:57.606 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:57.606 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:57.606 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:58.637 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:58.637 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:58.637 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:58.637 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:59.668 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:59.668 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:59.668 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:47:59.668 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:0.700 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:0.700 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:0.700 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:0.700 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:1.731 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:1.731 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:1.731 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:1.731 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:2.762 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:2.762 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:2.762 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:2.762 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:3.793 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:3.793 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:3.793 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:3.793 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:4.825 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:4.825 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:4.825 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:4.825 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:5.856 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:5.856 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:5.856 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:5.856 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:6.872 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:6.872 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:6.872 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:6.872 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:7.903 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:7.903 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:7.903 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:7.903 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:8.918 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:8.918 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:8.918 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:8.918 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:9.950 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:9.950 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:9.950 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:10.981 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:10.981 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:10.981 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:10.981 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:11.997 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:11.997 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:11.997 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:13.12 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:13.12 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:13.12 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:13.12 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:14.43 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:14.43 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:14.43 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:15.75 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:15.75 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:15.75 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:15.75 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:16.106 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:16.106 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:16.106 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:17.137 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:17.137 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:17.137 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:17.137 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:18.153 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:18.153 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:18.153 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:19.184 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:19.184 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:19.184 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:19.184 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:20.200 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:20.200 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:20.200 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:21.231 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:21.231 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:21.231 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:21.231 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:22.247 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:22.247 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:22.247 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:23.278 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:23.278 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:23.278 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:23.278 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:24.309 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:24.309 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:24.309 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:25.340 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:25.340 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:25.340 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:25.340 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:26.372 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:26.372 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:26.372 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:26.372 | Open | 2608 | C:\malware.exe | C:\Monitor\Files\DeletedFiles
18/1/2021 - 12:48:26.372 | Delete | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:26.372 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:26.372 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp8B21.tmp
18/1/2021 - 12:48:26.372 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp
18/1/2021 - 12:48:26.372 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp
18/1/2021 - 12:48:26.372 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp7FD3.tmp
18/1/2021 - 12:48:26.372 | Open | 2608 | C:\malware.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:48:26.372 | Unknown | 2608 | C:\malware.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:48:26.418 | Open | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp7FD3.tmp
18/1/2021 - 12:48:26.418 | Read | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp7FD3.tmp
18/1/2021 - 12:48:26.418 | Unknown | 2608 | C:\malware.exe | C:\Users\Behemot\AppData\Local\Temp\tmp7FD3.tmp
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\Prefetch\VBC.EXE-7A16F53F.pf
18/1/2021 - 12:48:26.418 | Read | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\Prefetch\VBC.EXE-7A16F53F.pfVBC.EXE-7A16F53F.pf
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | \Device\HarddiskVolume2
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache
18/1/2021 - 12:48:26.418 | Open | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows
18/1/2021 - 12:48:26.418 | Unknown | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows
18/1/2021 - 12:48:26.418Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows
18/1/2021 - 12:48:26.418Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization
18/1/2021 - 12:48:26.418Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization
18/1/2021 - 12:48:26.418Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization
18/1/2021 - 12:48:26.418Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting
18/1/2021 - 12:48:26.418Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting
18/1/2021 - 12:48:26.418Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting
18/1/2021 - 12:48:26.418Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32
18/1/2021 - 12:48:26.418Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32
18/1/2021 - 12:48:26.418Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32
18/1/2021 - 12:48:26.418Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64
18/1/2021 - 12:48:26.418Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64
18/1/2021 - 12:48:26.418Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\ntdll.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\ntdll.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\kernel32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\kernel32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\kernel32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\kernel32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\user32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\user32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\ntdll.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\ntdll.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\apisetschema.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\KernelBase.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\locale.nls
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\locale.nls
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\msvcrt.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\msvcrt.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\advapi32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\advapi32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\rpcrt4.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\rpcrt4.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sspicli.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sspicli.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\cryptbase.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\gdi32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\gdi32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\user32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\user32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\lpk.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\lpk.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\usp10.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\usp10.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\wininet.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\wininet.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dllapi-ms-win-downlevel-user32-l1-1-0.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dllapi-ms-win-downlevel-shlwapi-l1-1-0.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\shlwapi.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\shlwapi.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dllapi-ms-win-downlevel-version-l1-1-0.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dllapi-ms-win-downlevel-normaliz-l1-1-0.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\normaliz.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\normaliz.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\iertutil.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\iertutil.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dllapi-ms-win-downlevel-advapi32-l1-1-0.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\userenv.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\userenv.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\profapi.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\profapi.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\comdlg32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\comdlg32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\shell32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\shell32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\ole32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\ole32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\msctf.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\msctf.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\psapi.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\psapi.dll
18/1/2021 - 12:48:26.465Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:48:26.465Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
18/1/2021 - 12:48:26.465Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\psapi.dll
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\locale.nls
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/1/2021 - 12:48:26.465Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
18/1/2021 - 12:48:26.481Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\ntdll.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\kernel32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\kernel32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\user32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\ntdll.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\msvcrt.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\advapi32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\rpcrt4.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sspicli.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\gdi32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\user32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\lpk.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\usp10.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\version.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\wininet.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dllapi-ms-win-downlevel-user32-l1-1-0.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dllapi-ms-win-downlevel-shlwapi-l1-1-0.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\shlwapi.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dllapi-ms-win-downlevel-version-l1-1-0.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dllapi-ms-win-downlevel-normaliz-l1-1-0.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\normaliz.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\iertutil.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dllapi-ms-win-downlevel-advapi32-l1-1-0.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\userenv.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\profapi.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\comdlg32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\shell32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\ole32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\msctf.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe\Device\HarddiskVolume2
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64win.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64cpu.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\System32\wow64log.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Monitor
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe.Local
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:48:26.481Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\sechost.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.481Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\imm32.dll
18/1/2021 - 12:48:26.543Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc_lng.ini
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
18/1/2021 - 12:48:26.637Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:48:26.637Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Roaming\Mozilla\Profiles
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Roaming\Thunderbird\Profiles
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Program Files (x86)\Mozilla Thunderbird
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pstorec.dll
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\pstorec.dll
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\pstorec.dll
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ATL.DLL
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\atl.dll
18/1/2021 - 12:48:26.637Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\SysWOW64\atl.dll
18/1/2021 - 12:48:26.778Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local
18/1/2021 - 12:48:26.778Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local
18/1/2021 - 12:48:26.778Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail
18/1/2021 - 12:48:26.778Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail
18/1/2021 - 12:48:26.778Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{65790683-BB30-4C93-9045-D19A9A107219}.oeaccount
18/1/2021 - 12:48:26.778Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{65790683-BB30-4C93-9045-D19A9A107219}.oeaccountaccount{65790683-BB30-4C93-9045-D19A9A107219}.oeaccount
18/1/2021 - 12:48:26.778Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{65790683-BB30-4C93-9045-D19A9A107219}.oeaccountaccount{65790683-BB30-4C93-9045-D19A9A107219}.oeaccount
18/1/2021 - 12:48:26.778Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{CDED0D8D-2EEB-4917-9962-7BCAE7F89B4F}.oeaccount
18/1/2021 - 12:48:26.778Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{CDED0D8D-2EEB-4917-9962-7BCAE7F89B4F}.oeaccountaccount{CDED0D8D-2EEB-4917-9962-7BCAE7F89B4F}.oeaccount
18/1/2021 - 12:48:26.778Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{CDED0D8D-2EEB-4917-9962-7BCAE7F89B4F}.oeaccountaccount{CDED0D8D-2EEB-4917-9962-7BCAE7F89B4F}.oeaccount
18/1/2021 - 12:48:26.778Open2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{F238BA81-4130-4465-BE2F-F03DD95EEE2C}.oeaccount
18/1/2021 - 12:48:26.778Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{F238BA81-4130-4465-BE2F-F03DD95EEE2C}.oeaccountaccount{F238BA81-4130-4465-BE2F-F03DD95EEE2C}.oeaccount
18/1/2021 - 12:48:26.778Read2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail\account{F238BA81-4130-4465-BE2F-F03DD95EEE2C}.oeaccountaccount{F238BA81-4130-4465-BE2F-F03DD95EEE2C}.oeaccount
18/1/2021 - 12:48:26.778Unknown2568C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows Mail
18/1/2021 - 12:49:32.278Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/1/2021 - 12:49:32.278Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.278Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/1/2021 - 12:49:32.278Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.278Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/1/2021 - 12:49:32.278Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
18/1/2021 - 12:49:32.325Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
18/1/2021 - 12:49:32.372Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
18/1/2021 - 12:49:32.418Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
18/1/2021 - 12:49:32.465Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
18/1/2021 - 12:49:32.512Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
18/1/2021 - 12:49:32.559Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.559Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
18/1/2021 - 12:49:32.606Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
18/1/2021 - 12:49:32.653Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.653Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.653Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.653Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.653Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.653Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.653Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:32.653Open2608C:\malware.exeC:\malware.config
18/1/2021 - 12:49:32.653Open2608C:\malware.exeC:\malware.config
18/1/2021 - 12:49:32.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
18/1/2021 - 12:49:32.700Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
18/1/2021 - 12:49:32.747Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
18/1/2021 - 12:49:32.793Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
18/1/2021 - 12:49:32.840Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
18/1/2021 - 12:49:32.887Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
18/1/2021 - 12:49:32.934Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:32.981Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:33.28Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:33.75Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:33.122Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:33.168Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:33.215Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:33.262Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:33.309Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
18/1/2021 - 12:49:33.309Open2608C:\malware.exeC:\rasapi32.dll
18/1/2021 - 12:49:33.309Open2608C:\malware.exeC:\Windows\SysWOW64\rasapi32.dll
18/1/2021 - 12:49:33.309Open2608C:\malware.exeC:\Windows\SysWOW64\rasapi32.dll
18/1/2021 - 12:49:33.590Open2608C:\malware.exeC:\rasman.dll
18/1/2021 - 12:49:33.590Open2608C:\malware.exeC:\Windows\SysWOW64\rasman.dll
18/1/2021 - 12:49:33.590Open2608C:\malware.exeC:\Windows\SysWOW64\rasman.dll
18/1/2021 - 12:49:33.965Open2608C:\malware.exeC:\rtutils.dll
18/1/2021 - 12:49:33.965Open2608C:\malware.exeC:\Windows\SysWOW64\rtutils.dll
18/1/2021 - 12:49:34.12Open2608C:\malware.exeC:\Windows\SysWOW64\rtutils.dll
18/1/2021 - 12:49:34.340Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
18/1/2021 - 12:49:34.340Open2608C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
18/1/2021 - 12:49:34.340Open2608C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
18/1/2021 - 12:49:34.340Open2608C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
18/1/2021 - 12:49:34.340Open2608C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
18/1/2021 - 12:49:34.340Open2608C:\malware.exeC:\Windows\SysWOW64\wship6.dll
18/1/2021 - 12:49:34.340Open2608C:\malware.exeC:\Windows\SysWOW64\wship6.dll
18/1/2021 - 12:49:34.340Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
18/1/2021 - 12:49:34.387Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
18/1/2021 - 12:49:34.434Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.481Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.528Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:49:34.575Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.622Open2608C:\malware.exeC:\Windows\SysWOW64\tzres.dll
18/1/2021 - 12:49:34.622Open2608C:\malware.exeC:\Windows\SysWOW64\tzres.dll
18/1/2021 - 12:49:34.622Open2608C:\malware.exeC:\Windows\SysWOW64\tzres.dll
18/1/2021 - 12:49:34.622Open2608C:\malware.exeC:\Windows\SysWOW64\tzres.dll
18/1/2021 - 12:49:34.622Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.668Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.715Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.762Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.809Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.856Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.903Open2608C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\Globalization\en-us.nlp
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:49:34.950Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/1/2021 - 12:49:34.950Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:49:34.950Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/1/2021 - 12:49:34.950Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/1/2021 - 12:49:34.950Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/1/2021 - 12:49:34.950Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/1/2021 - 12:49:34.950Unknown2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/1/2021 - 12:49:34.950Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:49:34.950Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.950Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\winhttp.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\webio.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/1/2021 - 12:49:34.997Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\credssp.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\credssp.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\credssp.dll
18/1/2021 - 12:49:34.997Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.997Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\IPHLPAPI.DLL
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\WINNSI.DLL
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\dhcpcsvc6.DLL
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
18/1/2021 - 12:49:34.997Unknown2608C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
18/1/2021 - 12:49:34.997Open2608C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
18/1/2021 - 12:49:34.997Unknown2608C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
18/1/2021 - 12:49:35.43Open2608C:\malware.exeC:\dhcpcsvc.DLL
18/1/2021 - 12:49:35.43Open2608C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
18/1/2021 - 12:49:35.43Open2608C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
18/1/2021 - 12:49:35.137Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.137Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.184Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.700Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.700Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.747Open2608C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
18/1/2021 - 12:49:35.747Open2608C:\malware.exeC:\DNSAPI.dll
18/1/2021 - 12:49:35.747Open2608C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/1/2021 - 12:49:35.747Open2608C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/1/2021 - 12:49:35.887Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.887Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.887Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.887Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:35.934Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.28Open2608C:\malware.exeC:\rasadhlp.dll
18/1/2021 - 12:49:36.28Open2608C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
18/1/2021 - 12:49:36.28Open2608C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
18/1/2021 - 12:49:36.106Open2608C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
18/1/2021 - 12:49:36.106Open2608C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
18/1/2021 - 12:49:36.247Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.465Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/1/2021 - 12:49:36.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.653Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/1/2021 - 12:49:36.668Open2608C:\malware.exeC:\Users\Behemot
18/1/2021 - 12:49:36.668Open2608C:\malware.exeC:\Users\Behemot
18/1/2021 - 12:49:36.668Unknown2608C:\malware.exeC:\Users\Behemot
18/1/2021 - 12:49:36.668Open2608C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:49:36.668Open2608C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:49:36.668Unknown2608C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/1/2021 - 12:49:36.668Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/1/2021 - 12:49:36.668Unknown2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:36.668Open2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/1/2021 - 12:49:36.668Read2608C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll

Process
Trace
18/1/2021 - 12:47:0.997 | Create | 2088 | C:\malware.exe | 2744 | C:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:3.28 | Terminate | 2088 | C:\malware.exe | 2744 | C:\Windows\SysWOW64\schtasks.exe
18/1/2021 - 12:47:3.278 | Create | 2088 | C:\malware.exe | 2608 | C:\malware.exe
18/1/2021 - 12:47:23.731 | Create | 2608 | C:\malware.exe | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:47:52.90 | Terminate | 2608 | C:\malware.exe | 192 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:48:26.372 | Create | 2608 | C:\malware.exe | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
18/1/2021 - 12:48:26.778 | Terminate | 2608 | C:\malware.exe | 2568 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
18/1/2021 - 12:45:56.997 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\GDIPlus | FontCachePath
18/1/2021 - 12:47:0.731 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
18/1/2021 - 12:47:0.731 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
18/1/2021 - 12:47:0.731 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
18/1/2021 - 12:47:0.731 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
18/1/2021 - 12:47:0.731 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
18/1/2021 - 12:47:0.731 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
18/1/2021 - 12:47:0.731 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
18/1/2021 - 12:47:0.731 | Write | 2088 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
18/1/2021 - 12:49:34.293 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | EnableFileTracing
18/1/2021 - 12:49:34.293 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | EnableConsoleTracing
18/1/2021 - 12:49:34.293 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | FileTracingMask
18/1/2021 - 12:49:34.293 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | ConsoleTracingMask
18/1/2021 - 12:49:34.293 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | MaxFileSize
18/1/2021 - 12:49:34.293 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32 | FileDirectory
18/1/2021 - 12:49:34.950 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | EnableFileTracing
18/1/2021 - 12:49:34.950 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | EnableConsoleTracing
18/1/2021 - 12:49:34.950 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | FileTracingMask
18/1/2021 - 12:49:34.950 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | ConsoleTracingMask
18/1/2021 - 12:49:34.950 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | MaxFileSize
18/1/2021 - 12:49:34.950 | Write | 2608 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS | FileDirectory

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS : bot.whatismyipaddress.com.
localhost -> gateway:DNS : ftp.tashipta.com.
localhost -> gateway:50273 : bot.whatismyipaddress.com.

Response
gateway:DNS -> localhost : ftp.tashipta.com. : 103.21.59.28

gateway:DNS -> localhost : bot.whatismyipaddress.com. : 66.171.248.178


TCP
Info
localhost:65192 -> 66.171.248.178:80
localhost:65193 -> 103.21.59.28:21
66.171.248.178:80 -> localhost:65192
103.21.59.28:21 -> localhost:65193

UDP
Info
localhost:53 -> localhost:55394
localhost:55394 -> localhost:53
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info
localhost : GET bot.whatismyipaddress.com /

Summary
DNS
True

TCP
True

UDP
True

HTTP
True

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 51.25%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 98.48%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 54.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 69.18%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 98.79%
suspicious: True
