Corvus_ - Report #5484

Report #5484

Creation Date: Feb. 10, 2020, 4:36 p.m.
Last Update: Feb. 10, 2020, 6:38 p.m.
File: 2RzrRWD.exe
Results:

General
Static
Detection
Dynamic
Graph
Network
Classification

Binary

DLL

False

Size

804.00KB

trid

34.2% Win32 Dynamic Link Library
23.4% Win32 Executable
10.7% Win16/32 Executable Delphi generic
10.5% OS/2 Executable
10.4% Generic Win/DOS Executable

type

wordsize

Subsystem

Windows GUI

Hashes

md5

6f82a550d892c09cb156b1e6f9c0260e

sha1

dfa2476d28ea87b9017799a786d40d9b7ba049ed

crc32

0x82415079

sha224

911d7c614965fa58a8bad42376abd41d37cc8b1149d435097dbc0760

sha256

336ccdbf82ef415a434fb5c16a51d1c75e282791a6b1e07823c5792579c95ffa

sha384

b903b1173f38f4ceb0aff5b6bcf7302449fab749d20905c0f965d040936c9046cbe37bc767017e8c3178fc09254bc5fa

sha512

1a39aa25ec33c374cb07ccfb62d2c7d26c833bbe8efa75fbf1b667c271782964c0997c92907c547183a6637fe39ef7855b78f86fb828850718cffb833cb33f70

ssdeep

24576:tKCvz7RBXm4FpFFr3S0WXjQELBhPkkQk:wC5Fmkbh3S0WX/N

Community

Google

False

HashLib

False

YARA

Matches

domain, anti_dbg, IP, contentis_base64, IsNET_EXE, IsPacked, DebuggerCheck__RemoteAPI, IsPE32, IsWindowsGUI

Suspicious

True

Strings

List

My.Computer
aA.hM
System.IO
R.ET
System.ComponentModel.Design
bJ.lr
R.Rw
Y.Kr
System.Security.Cryptography
q.il
2.12.1.14
A.co#
4System.Web.Services.Protocols.SoapHttpClientProtocol
YvAP.png
YvAP.png
%A\ee%
emma001.exe
emma001.exe
emma001.exe
15.10.13.8
15.10.13.8
15.10.13.8
<*.2
l1`k!INN
VOa%/O
8.0.0.0
fR&o
%0iN_
wm%oUS~,
%1EMI
%adL{
Rrs%c`.
%s$>-aH
g%ei=.
|J4%sh Eh
S# %A
mscoree.dll
o:\De
J.xxb
DebuggerHiddenAttribute
0.hk@L
VirtualAlloc
VirtualProtect
5BDe
EF9e
4eBd
Ab8E
roT1
09%/
_=EC*N\
PaddingMode
CipherMode
GetHashCode
CreateDecryptor
Rijndael
n@RL:
rsa.C
_9e0d2af90
_e784fe9c5e5
HideModuleNameAttribute
_1778fedd47
_CorExeMain
$Ycmm$ka0A
",:03wLMA2
Y'UR}-S4
LHJWaU2|g
get_Scan0
get_Height
Te?I5m-F}(fV
0+eF91L
_fec2ebd
_2f70ee
2@#DQ/GtWe
3Ic8^ko
4?iV-[RL
9ro@CY_O
get_Computer
7%0/EJNs/T
3LMsQda$K
adR.>-,'i
jT,EtNn8
|5YIks1]n
&>ouw/{A
`IRy*a3P
Y+}WYLrA3
get_Count
get_User
CallWindowProc
get_Width
get_Chars
My.Application
My.WebServices
rmOB0EF1y1
,,8Acwe
get_Stride
get_Module
get_Handle
op_Explicit
get_Default
ENS<]:N<d

Foremost

Matches

0.exe, 804 KB, 28.png, 756 KB

Suspicious

True

Heuristics

IPs

hasIPs: True
Allowed
Suspicious: 2.12.1.14, 0, Unknown, 15.10.13.8, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs

Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files

Allowed: user32.dll, mscoree.dll, kernel32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary

Sizes

RVA
RVA: 16
Suspicious: False
Code
Size: 38400
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols

Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum

Value: 0
Suspicous: True

Sections

Allowed: |j]"s, .text, .rsrc, .reloc,
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions

OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint

Address: 843786
Suspicious: False

Anomalies

Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries

Allowed: user32.dll, mscoree.dll, kernel32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp

Past: False
Valid: True
Value: 2019-01-30 02:41:14
Future: False

Compilation

Packed: False
Missing: True
Packers
Compiled: False
Compilers

Obfuscation

XOR: False
Fuzzing: False

PEDetector

Matches

None

Suspicious

False

Disassembly

hasTricks

True

Tricks

pushret

none: 3
.rsrc: 20
.text: 385

pushpopmath

none: 2
.text: 208

ss register

.text: 8

garbagebytes

none: 1
.rsrc: 1
.text: 127

hookdetection

.text: 19

software breakpoint

.text: 17

fakeconditionaljumps

.text: 10

programcontrolflowchange

none: 1
.rsrc: 1
.text: 117

cpuinstructionsresultscomparison

.rsrc: 1
.text: 2

AVclass

gamarue

VirusTotal

md5

6f82a550d892c09cb156b1e6f9c0260e

sha1

dfa2476d28ea87b9017799a786d40d9b7ba049ed

SCANS (DETECTION RATE = 77.14%)

AVG

result: Win32:TrojanX-gen [Trj]
update: 20191020
version: 18.4.3895.0
detected: True

CMC

update: 20190321
version: 1.1.0.977
detected: False

MAX

result: malware (ai score=100)
update: 20191020
version: 2019.9.16.1
detected: True

APEX

result: Malicious
update: 20191019
version: 5.75
detected: True

Bkav

update: 20191018
version: 1.3.0.10239
detected: False

K7GW

result: Trojan ( 005468b41 )
update: 20191010
version: 11.72.32236
detected: True

ALYac

result: Gen:Variant.Razy.458390
update: 20191020
version: 1.1.1.5
detected: True

Avast

result: Win32:TrojanX-gen [Trj]
update: 20191020
version: 18.4.3895.0
detected: True

Avira

result: HEUR/AGEN.1038876
update: 20191020
version: 8.3.3.8
detected: True

Baidu

update: 20190318
version: 1.0.0.2
detected: False

Cyren

result: W32/Trojan.PFRX-7252
update: 20191020
version: 6.2.2.2
detected: True

DrWeb

result: Trojan.PackedENT.122
update: 20191020
version: 7.0.41.7240
detected: True

GData

result: Gen:Variant.Razy.458390
update: 20191020
version: A:25.23728B:26.16355
detected: True

Panda

result: Trj/GdSda.A
update: 20191020
version: 4.6.4.2
detected: True

VBA32

result: TScope.Trojan.MSIL
update: 20191018
version: 4.2.0
detected: True

Zoner

update: 20191020
version: 1.0.0.1
detected: False

ClamAV

update: 20191020
version: 0.102.0.0
detected: False

Comodo

result: Malware@#1uio4tr6qwz9f
update: 20191020
version: 31624
detected: True

F-Prot

update: 20191020
version: 4.7.1.166
detected: False

Ikarus

result: Trojan.MSIL.Crypt
update: 20191020
version: 0.1.5.2
detected: True

McAfee

result: Packed-FJS!6F82A550D892
update: 20191020
version: 6.0.6.653
detected: True

Rising

update: 20191020
version: 25.0.0.24
detected: False

Sophos

result: Mal/Generic-S
update: 20191020
version: 4.98.0
detected: True

Yandex

result: Trojan.Kryptik!BchlWkEyJ/4
update: 20191018
version: 5.5.2.24
detected: True

Zillya

result: Trojan.Kryptik.Win32.1695004
update: 20191018
version: 2.0.0.3929
detected: True

Acronis

result: suspicious
update: 20191018
version: 1.1.1.58
detected: True

Alibaba

result: Backdoor:MSIL/Kryptik.08c50ca3
update: 20190527
version: 0.3.0.5
detected: True

Arcabit

result: Trojan.Razy.D6FE96
update: 20191020
version: 1.0.0.859
detected: True

Cylance

result: Unsafe
update: 20191020
version: 2.3.1.101
detected: True

Endgame

result: malicious (high confidence)
update: 20190918
version: 3.0.15
detected: True

FireEye

result: Generic.mg.6f82a550d892c09c
update: 20191020
version: 29.7.0.0
detected: True

TACHYON

update: 20191020
version: 2019-10-20.02
detected: False

Tencent

update: 20191020
version: 1.0.0.1
detected: False

ViRobot

update: 20191019
version: 2014.3.20.0
detected: False

Webroot

update: 20191020
version: 1.0.0.403
detected: False

eGambit

result: Unsafe.AI_Score_99%
update: 20191020
version: v5.0.6
detected: True

Ad-Aware

result: Gen:Variant.Razy.458390
update: 20191020
version: 3.0.5.370
detected: True

AegisLab

result: Trojan.MSIL.Androm.4!c
update: 20191020
version: 4.2
detected: True

Emsisoft

result: Trojan.Agent (A)
update: 20191020
version: 2018.12.0.1641
detected: True

F-Secure

result: Heuristic.HEUR/AGEN.1038876
update: 20191020
version: 12.0.86.52
detected: True

Fortinet

result: MSIL/Kryptik.QRK!tr
update: 20191020
version: 5.4.247.0
detected: True

Invincea

result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True

Jiangmin

result: Backdoor.MSIL.bevj
update: 20191020
version: 16.0.100
detected: True

Kingsoft

update: 20191020
version: 2013.8.14.323
detected: False

Paloalto

result: generic.ml
update: 20191020
version: 1.0
detected: True

Symantec

result: ML.Attribute.HighConfidence
update: 20191019
version: 1.11.0.0
detected: True

Trapmine

result: suspicious.low.ml.score
update: 20190826
version: 3.1.81.800
detected: True

AhnLab-V3

result: Win-Trojan/MDA.630F094C
update: 20191019
version: 3.16.3.25410
detected: True

Antiy-AVL

result: Trojan[Backdoor]/MSIL.Androm
update: 20191020
version: 3.0.0.1
detected: True

Kaspersky

result: HEUR:Backdoor.MSIL.Androm.gen
update: 20191020
version: 15.0.1.13
detected: True

MaxSecure

result: Trojan.Malware.73691364.susgen
update: 20191019
version: 1.0.0.1
detected: True

Microsoft

result: Trojan:Win32/Occamy.C
update: 20191020
version: 1.1.16500.1
detected: True

Qihoo-360

result: Win32/Backdoor.9cf
update: 20191020
version: 1.0.0.1120
detected: True

ZoneAlarm

result: HEUR:Backdoor.MSIL.Androm.gen
update: 20191020
version: 1.0
detected: True

Cybereason

result: malicious.0d892c
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32

result: a variant of MSIL/Kryptik.QRK
update: 20191020
version: 20210
detected: True

TrendMicro

result: Backdoor.Win32.ANDROM.THBOAAI
update: 20191020
version: 11.0.0.1006
detected: True

BitDefender

result: Gen:Variant.Razy.458390
update: 20191020
version: 7.2
detected: True

CrowdStrike

result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus

result: Trojan ( 005468b41 )
update: 20191020
version: 11.73.32320
detected: True

SentinelOne

result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True

Avast-Mobile

update: 20191012
version: 191012-04
detected: False

Malwarebytes

update: 20191020
version: 2.1.1.1115
detected: False

TotalDefense

update: 20191020
version: 37.1.62.1
detected: False

CAT-QuickHeal

result: Backdoor.MSIL
update: 20191019
version: 14.00
detected: True

NANO-Antivirus

result: Trojan.Win32.PackedENT.fmneko
update: 20191020
version: 1.0.134.24859
detected: True

MicroWorld-eScan

result: Gen:Variant.Razy.458390
update: 20191020
version: 14.0.297.0
detected: True

SUPERAntiSpyware

update: 20191019
version: 5.6.0.1032
detected: False

McAfee-GW-Edition

result: BehavesLike.Win32.Generic.cc
update: 20191019
version: v2017.3010
detected: True

TrendMicro-HouseCall

result: Backdoor.Win32.ANDROM.THBOAAI
update: 20191020
version: 10.0.0.1040
detected: True

total

sha256

336ccdbf82ef415a434fb5c16a51d1c75e282791a6b1e07823c5792579c95ffa

scan_id

336ccdbf82ef415a434fb5c16a51d1c75e282791a6b1e07823c5792579c95ffa-1571545376

resource

6f82a550d892c09cb156b1e6f9c0260e

permalink

https://www.virustotal.com/file/336ccdbf82ef415a434fb5c16a51d1c75e282791a6b1e07823c5792579c95ffa/analysis/1571545376/

positives

scan_date

2019-10-20 04:22:56

verbose_msg

Scan finished, information embedded

response_code

File

Trace

10/2/2020 - 17:45:44.856	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:44.903	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:44.903	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:44.903	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:44.903	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:44.903	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:44.903	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:44.903	Open	1480	C:\malware.exe	C:\malware.exe.config
10/2/2020 - 17:45:44.903	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
10/2/2020 - 17:45:44.918	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
10/2/2020 - 17:45:44.918	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
10/2/2020 - 17:45:44.918	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
10/2/2020 - 17:45:44.918	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
10/2/2020 - 17:45:44.981	Open	1480	C:\malware.exe	C:\Windows\Globalization\Sorting\SortDefault.nls
10/2/2020 - 17:45:44.981	Unknown	1480	C:\malware.exe	C:\Windows\Globalization\Sorting\SortDefault.nls	SortDefault.nls
10/2/2020 - 17:45:44.981	Open	1480	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:44.981	Open	1480	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:44.981	Unknown	1480	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:44.981	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:44.981	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:44.981	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:44.981	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
10/2/2020 - 17:45:44.981	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
10/2/2020 - 17:45:45.75	Open	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
10/2/2020 - 17:45:45.75	Open	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Unknown	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Open	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:45:45.106	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:45.106	Unknown	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\
10/2/2020 - 17:45:45.106	Unknown	1480	C:\malware.exe	C:\
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:45.106	Unknown	1480	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:45.106	Unknown	1480	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:45.106	Unknown	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rpcss.dll
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rpcss.dll
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\uxtheme.dll
10/2/2020 - 17:45:45.106	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\uxtheme.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\l_intl.nls
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:45:45.215	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:45:45.215	Open	1480	C:\malware.exe	C:\malware.exe.config
10/2/2020 - 17:45:45.215	Open	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:45.215	Unknown	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:45.215	Open	1480	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:45.215	Unknown	1480	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.231	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.231	Open	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:45.231	Unknown	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:45.231	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:45.231	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:45.231	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:45.231	Open	1480	C:\malware.exe	C:\malware.exe.Local
10/2/2020 - 17:45:45.231	Open	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:45.231	Unknown	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:45.231	Open	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:45.247	Open	1480	C:\malware.exe	C:\Windows\assembly\pubpol4.dat
10/2/2020 - 17:45:45.247	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC\PublisherPolicy.tme
10/2/2020 - 17:45:45.247	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:45.247	Unknown	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:45.247	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:45.247	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:45.247	Unknown	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:45.247	Open	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/2/2020 - 17:45:45.262	Unknown	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Open	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.309	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.356	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.403	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.450	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.497	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.543	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.590	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:45:45.778	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:45:45.778	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.825	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.872	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.918	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:45.965	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.12	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.59	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.153	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.200	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.293	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.340	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.434	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.481	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.528	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.575	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.622	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.668	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.715	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.762	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.809	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.856	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:46.903	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.950	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:46.997	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.43	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.137	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.184	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.231	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.278	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.325	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.372	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.418	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.465	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.465	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.512	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.559	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.606	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.653	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.700	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.747	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.793	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.918	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.918	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.918	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.918	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:47.918	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:47.934	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:47.934	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:47.934	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:47.934	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:47.934	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.934	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\VERSION.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\version.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\version.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:47.950	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.12	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.59	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.153	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.200	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.293	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.340	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.387	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.481	Open	1480	C:\malware.exe	C:\Windows\Globalization\pt-br.nlp
10/2/2020 - 17:45:48.481	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.528	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.575	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.622	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.668	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.715	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.762	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.809	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.856	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.903	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.950	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:48.997	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.43	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.137	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.184	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.231	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.278	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.325	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.372	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.418	Open	1480	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:49.418	Open	1480	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:49.418	Unknown	1480	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:49.418	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:49.418	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:49.418	Unknown	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:49.418	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.465	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.512	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.559	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.606	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:49.606	Unknown	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:49.606	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.700	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.747	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.793	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:49.840	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:49.887	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:49.934	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:49.934	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:49.934	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:49.934	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:49.934	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:49.934	Read	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:49.934	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.28	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.75	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:45:50.75	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/2/2020 - 17:45:50.215	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/2/2020 - 17:45:50.309	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.356	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.403	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.450	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.543	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.590	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.637	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.731	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.778	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
10/2/2020 - 17:45:50.778	Open	1480	C:\malware.exe	C:\bcrypt.dll
10/2/2020 - 17:45:50.778	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\bcrypt.dll
10/2/2020 - 17:45:50.778	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\bcrypt.dll
10/2/2020 - 17:45:50.825	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.872	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.918	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:50.965	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.12	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.59	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:51.106	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.153	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.200	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.293	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:51.340	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.387	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.434	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.481	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.528	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.575	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:51.622	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.668	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.715	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.762	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.856	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.903	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.950	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:51.997	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.137	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.184	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.231	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.278	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.325	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.372	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.418	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.465	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.512	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.559	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.606	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.653	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.700	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.747	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.793	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.840	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.903	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:52.950	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:52.997	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.43	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.90	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.137	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.184	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.278	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.325	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.372	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.465	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:53.512	Read	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:53.559	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.606	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.653	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.700	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.747	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.793	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.840	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.887	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.934	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:53.981	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.28	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.75	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.122	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.168	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.309	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.356	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.403	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:54.450	Open	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/2/2020 - 17:45:54.590	Unknown	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.590	Open	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/2/2020 - 17:45:54.590	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.637	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.684	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.731	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.778	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.825	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.872	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.918	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:54.965	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.12	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.59	Open	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:55.153	Unknown	1480	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:55.153	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.200	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.247	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.293	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.340	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.387	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.434	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.481	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.528	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:55.575	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.622	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.668	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:55.715	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:55.762	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:55.809	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:55.856	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:55.903	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:55.950	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:55.997	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
10/2/2020 - 17:45:55.997	Open	1480	C:\malware.exe	C:\malware.exe.Local
10/2/2020 - 17:45:55.997	Open	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/2/2020 - 17:45:55.997	Unknown	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/2/2020 - 17:45:55.997	Open	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/2/2020 - 17:45:55.997	Open	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/2/2020 - 17:45:56.43	Open	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
10/2/2020 - 17:45:56.43	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.43	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.43	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.43	Open	1480	C:\malware.exe	C:\WindowsCodecs.dll
10/2/2020 - 17:45:56.43	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\WindowsCodecs.dll
10/2/2020 - 17:45:56.43	Unknown	1480	C:\malware.exe	C:\Windows\SysWOW64\WindowsCodecs.dll	WindowsCodecs.dll
10/2/2020 - 17:45:56.43	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\WindowsCodecs.dll
10/2/2020 - 17:45:56.43	Unknown	1480	C:\malware.exe	C:\Windows\SysWOW64\WindowsCodecs.dll	WindowsCodecs.dll
10/2/2020 - 17:45:56.122	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.168	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.215	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.262	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.309	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.356	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.403	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.450	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.497	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.543	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:56.590	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.637	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:56.793	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:56.856	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:56.903	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:56.950	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:56.997	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.43	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.137	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.184	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.231	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.278	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:57.325	Read	1480	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:57.465	Open	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.465	Open	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.465	Open	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.465	Unknown	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.465	Unknown	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.465	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\apphelp.dll
10/2/2020 - 17:45:57.465	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\apphelp.dll
10/2/2020 - 17:45:57.465	Unknown	1480	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Windows\Prefetch\MALWARE.EXE-20920919.pf
10/2/2020 - 17:45:57.512	Read	2412	C:\malware.exe	C:\Windows\Prefetch\MALWARE.EXE-20920919.pf	MALWARE.EXE-20920919.pf
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	\Device\HarddiskVolume2
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Users
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows
10/2/2020 - 17:45:57.512	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/2/2020 - 17:45:57.512	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/2/2020 - 17:45:57.528	Open	2412	C:\malware.exe	C:\Users\Behemot\Favorites
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Users\Behemot\Favorites
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Users\Behemot\Favorites
10/2/2020 - 17:45:57.528	Open	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links
10/2/2020 - 17:45:57.528	Open	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links for Brasil
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links for Brasil
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links for Brasil
10/2/2020 - 17:45:57.528	Open	2412	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.528	Open	2412	C:\malware.exe	C:\Windows\assembly
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Windows\assembly
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Windows\assembly
10/2/2020 - 17:45:57.528	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32
10/2/2020 - 17:45:57.528	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32
10/2/2020 - 17:45:57.528	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32
10/2/2020 - 17:45:57.575	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1116453
10/2/2020 - 17:45:57.575	Open	1480	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1116453
10/2/2020 - 17:45:57.575	Open	1480	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1116515
10/2/2020 - 17:45:57.575	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32
10/2/2020 - 17:45:57.575	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib
10/2/2020 - 17:45:57.575	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib
10/2/2020 - 17:45:57.575	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib
10/2/2020 - 17:45:57.575	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL
10/2/2020 - 17:45:57.575	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL
10/2/2020 - 17:45:57.575	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\CRYPTSP.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\cryptsp.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\cryptsp.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.622	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.637	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.637	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:45:57.637	Open	1480	C:\malware.exe	C:\RpcRtRemote.dll
10/2/2020 - 17:45:57.637	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\RpcRtRemote.dll
10/2/2020 - 17:45:57.637	Unknown	1480	C:\malware.exe	C:\Windows\SysWOW64\RpcRtRemote.dll	RpcRtRemote.dll
10/2/2020 - 17:45:57.637	Open	1480	C:\malware.exe	C:\Windows\SysWOW64\RpcRtRemote.dll
10/2/2020 - 17:45:57.637	Unknown	1480	C:\malware.exe	C:\Windows\SysWOW64\RpcRtRemote.dll	RpcRtRemote.dll
10/2/2020 - 17:45:57.637	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL
10/2/2020 - 17:45:57.637	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
10/2/2020 - 17:45:57.637	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
10/2/2020 - 17:45:57.637	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
10/2/2020 - 17:45:57.637	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:57.637	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:57.637	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:45:57.637	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32
10/2/2020 - 17:45:57.637	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32
10/2/2020 - 17:45:57.637	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32
10/2/2020 - 17:45:57.684	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32
10/2/2020 - 17:45:57.684	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\Globalization
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Globalization
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Globalization
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\Globalization\Sorting
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Globalization\Sorting
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Globalization\Sorting
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\System32
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\System32
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\System32
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\SysWOW64
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\Temp
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Temp
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\Temp
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.700	Open	2412	C:\malware.exe	C:\Windows\System32\ntdll.dll
10/2/2020 - 17:45:57.700	Unknown	2412	C:\malware.exe	C:\Windows\System32\ntdll.dll
10/2/2020 - 17:45:57.715	Open	2412	C:\malware.exe	C:\Windows\System32\wow64.dll
10/2/2020 - 17:45:57.715	Unknown	2412	C:\malware.exe	C:\Windows\System32\wow64.dll
10/2/2020 - 17:45:57.715	Open	2412	C:\malware.exe	C:\Windows\System32\wow64win.dll
10/2/2020 - 17:45:57.715	Unknown	2412	C:\malware.exe	C:\Windows\System32\wow64win.dll
10/2/2020 - 17:45:57.715	Open	2412	C:\malware.exe	C:\Windows\System32\wow64cpu.dll
10/2/2020 - 17:45:57.715	Unknown	2412	C:\malware.exe	C:\Windows\System32\wow64cpu.dll
10/2/2020 - 17:45:57.715	Open	2412	C:\malware.exe	C:\Windows\System32\kernel32.dll
10/2/2020 - 17:45:57.715	Unknown	2412	C:\malware.exe	C:\Windows\System32\kernel32.dll
10/2/2020 - 17:45:57.715	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\kernel32.dll
10/2/2020 - 17:45:57.715	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\kernel32.dll
10/2/2020 - 17:45:57.715	Open	2412	C:\malware.exe	C:\Windows\System32\user32.dll
10/2/2020 - 17:45:57.715	Unknown	2412	C:\malware.exe	C:\Windows\System32\user32.dll
10/2/2020 - 17:45:57.715	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\ntdll.dll
10/2/2020 - 17:45:57.715	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\ntdll.dll
10/2/2020 - 17:45:57.715	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mscoree.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\mscoree.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\System32\apisetschema.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\System32\apisetschema.dll	apisetschema.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\KernelBase.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\KernelBase.dll	KernelBase.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\System32\locale.nls
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\System32\locale.nls
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\advapi32.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\advapi32.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\msvcrt.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\msvcrt.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\sechost.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\sechost.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rpcrt4.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\rpcrt4.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\sspicli.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\sspicli.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\cryptbase.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\cryptbase.dll	cryptbase.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\shlwapi.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\shlwapi.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\gdi32.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\gdi32.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\user32.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\user32.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\lpk.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\lpk.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\usp10.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\usp10.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\msctf.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\msctf.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\System32\mctres.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\System32\mctres.dll
10/2/2020 - 17:45:57.762	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.762	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\shell32.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\shell32.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\ole32.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\ole32.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\Globalization\Sorting\SortDefault.nls
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\Globalization\Sorting\SortDefault.nls	SortDefault.nls
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\profapi.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\profapi.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\uxtheme.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\uxtheme.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\Temp\TMP000000A2AF46498673C01EB8
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\version.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\version.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\Temp\TMP000000A13589B7957053C575
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\System32\WindowsCodecsExt.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\System32\WindowsCodecsExt.dll	WindowsCodecsExt.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\bcrypt.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\bcrypt.dll
10/2/2020 - 17:45:57.778	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:45:57.778	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:57.778	Read	2412	C:\malware.exe	C:\Windows\System32\mctres.dll
10/2/2020 - 17:45:57.778	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/2/2020 - 17:45:57.778	Read	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url	Microsoft Brasil.url
10/2/2020 - 17:45:57.778	Read	2412	C:\malware.exe	C:\Users\Behemot\Favorites\Links\Galeria do Web Slice.url	Galeria do Web Slice.url
10/2/2020 - 17:45:57.778	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.778	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:57.778	Read	2412	C:\malware.exe	C:\Windows\System32\WindowsCodecsExt.dll	WindowsCodecsExt.dll
10/2/2020 - 17:45:57.793	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\System32\locale.nls
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\Globalization\Sorting\SortDefault.nls	SortDefault.nls
10/2/2020 - 17:45:57.793	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
10/2/2020 - 17:45:57.793	Open	2412	C:\malware.exe	C:\Windows\Temp\TMP000000A2AF46498673C01EB8
10/2/2020 - 17:45:57.793	Read	2412	C:\malware.exe	C:\Windows\System32\mctres.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\System32\ntdll.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\System32\wow64.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\System32\wow64win.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\System32\wow64cpu.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\System32\kernel32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\kernel32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\System32\user32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\ntdll.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\mscoree.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\System32\apisetschema.dll	apisetschema.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\KernelBase.dll	KernelBase.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\advapi32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\msvcrt.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\sechost.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\rpcrt4.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\sspicli.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\cryptbase.dll	cryptbase.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\shlwapi.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\gdi32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\user32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\lpk.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\usp10.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\msctf.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\shell32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\ole32.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\profapi.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\uxtheme.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\version.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\bcrypt.dll
10/2/2020 - 17:45:57.793	Unknown	2412	C:\malware.exe	\Device\HarddiskVolume2
10/2/2020 - 17:45:57.793	Open	2412	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.793	Open	2412	C:\malware.exe	C:\Windows\System32\wow64.dll
10/2/2020 - 17:45:57.872	Unknown	1480	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.872	Unknown	1480	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:57.872	Unknown	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.872	Unknown	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.872	Unknown	1480	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
10/2/2020 - 17:45:57.872	Open	2412	C:\malware.exe	C:\Windows\System32\wow64.dll
10/2/2020 - 17:45:57.872	Open	2412	C:\malware.exe	C:\Windows\System32\wow64win.dll
10/2/2020 - 17:45:57.872	Open	2412	C:\malware.exe	C:\Windows\System32\wow64win.dll
10/2/2020 - 17:45:57.872	Open	2412	C:\malware.exe	C:\Windows\System32\wow64cpu.dll
10/2/2020 - 17:45:57.872	Open	2412	C:\malware.exe	C:\Windows\System32\wow64cpu.dll
10/2/2020 - 17:45:57.872	Open	2412	C:\malware.exe	C:\Windows\System32\wow64log.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.887	Unknown	2412	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mscoree.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mscoree.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\sechost.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\sechost.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\MSCOREE.DLL.local
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.887	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\imm32.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\malware.exe.config
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.887	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.887	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.887	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.887	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/2/2020 - 17:45:57.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\malware.exe.Local
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Windows
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:57.903	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:57.903	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:57.903	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:57.903	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:57.903	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\malware.exe.config
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\Globalization\Sorting\SortDefault.nls
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Windows\Globalization\Sorting\SortDefault.nls	SortDefault.nls
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/2/2020 - 17:45:57.903	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.903	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
10/2/2020 - 17:45:57.965	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:45:57.965	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.965	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\
10/2/2020 - 17:45:57.965	Unknown	2412	C:\malware.exe	C:\
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:57.965	Unknown	2412	C:\malware.exe	C:\Monitor
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:57.965	Unknown	2412	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.965	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rpcss.dll
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rpcss.dll
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\uxtheme.dll
10/2/2020 - 17:45:57.965	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\uxtheme.dll
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\l_intl.nls
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:45:58.12	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\malware.exe.config
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:58.12	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:58.12	Unknown	2412	C:\malware.exe	C:\Monitor\Malware
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:58.12	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\malware.exe.Local
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:58.12	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:58.12	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:45:58.43	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:58.106	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:58.153	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:58.247	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\assembly\pubpol4.dat
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC\PublisherPolicy.tme
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:58.247	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:45:58.247	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:58.247	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:58.247	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:58.247	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:58.247	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:58.247	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/2/2020 - 17:45:58.247	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
10/2/2020 - 17:45:58.247	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/2/2020 - 17:45:58.247	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
10/2/2020 - 17:45:58.247	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll	System.Drawing.ni.dll
10/2/2020 - 17:45:58.247	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.340	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.340	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.340	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.434	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.528	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.622	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.668	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.856	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.903	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:58.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.43	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.90	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.137	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.184	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.231	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.278	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.372	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.418	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.465	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.559	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.606	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.653	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.700	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.747	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.793	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.887	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:45:59.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:46:0.28	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:46:0.28	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.590	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:46:0.590	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:46:0.590	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:0.590	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:0.590	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.637	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.684	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.731	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.778	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.825	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.872	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.903	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:0.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.43	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.90	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.137	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.184	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.231	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.278	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.372	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.418	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.465	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.559	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.606	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.653	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.700	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.747	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.793	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:1.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:1.887	Unknown	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:46:1.887	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Windows\Globalization\pt-br.nlp
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:46:1.887	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:46:1.887	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:1.887	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:1.887	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:1.887	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:1.887	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:1.887	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:1.887	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\bcrypt.dll
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\bcrypt.dll
10/2/2020 - 17:46:1.887	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\bcrypt.dll
10/2/2020 - 17:46:1.887	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:1.934	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:1.934	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\VERSION.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\version.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\version.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:46:1.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:1.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:2.28	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\CRYPTSP.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\cryptsp.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\cryptsp.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rsaenh.dll
10/2/2020 - 17:46:2.122	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:2.309	Open	2412	C:\malware.exe	C:\RpcRtRemote.dll
10/2/2020 - 17:46:2.309	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\RpcRtRemote.dll
10/2/2020 - 17:46:2.309	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\RpcRtRemote.dll	RpcRtRemote.dll
10/2/2020 - 17:46:2.309	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\RpcRtRemote.dll
10/2/2020 - 17:46:2.309	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\RpcRtRemote.dll	RpcRtRemote.dll
10/2/2020 - 17:46:2.356	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:2.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.dll
10/2/2020 - 17:46:2.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.dll
10/2/2020 - 17:46:2.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemcomn.dll
10/2/2020 - 17:46:2.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbemcomn.dll
10/2/2020 - 17:46:2.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbemcomn.dll
10/2/2020 - 17:46:2.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\Logs
10/2/2020 - 17:46:2.356	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\Logs
10/2/2020 - 17:46:2.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\advapi32.dll
10/2/2020 - 17:46:2.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\advapi32.dll
10/2/2020 - 17:46:2.372	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemprox.dll
10/2/2020 - 17:46:2.372	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemprox.dll
10/2/2020 - 17:46:2.372	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wmiutils.dll
10/2/2020 - 17:46:2.372	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wmiutils.dll
10/2/2020 - 17:46:2.606	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemsvc.dll
10/2/2020 - 17:46:2.606	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemsvc.dll
10/2/2020 - 17:46:3.43	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\fastprox.dll
10/2/2020 - 17:46:3.43	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\fastprox.dll
10/2/2020 - 17:46:3.43	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\NTDSAPI.dll
10/2/2020 - 17:46:3.43	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\ntdsapi.dll
10/2/2020 - 17:46:3.43	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\ntdsapi.dll
10/2/2020 - 17:46:3.450	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:3.497	Open	2412	C:\malware.exe	C:\SXS.DLL
10/2/2020 - 17:46:3.497	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\sxs.dll
10/2/2020 - 17:46:3.497	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\sxs.dll
10/2/2020 - 17:46:3.497	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.497	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
10/2/2020 - 17:46:3.497	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:46:3.512	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll	Microsoft.VisualBasic.dll
10/2/2020 - 17:46:3.512	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.512	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wbem\wbemdisp.tlb
10/2/2020 - 17:46:3.512	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
10/2/2020 - 17:46:3.981	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:3.981	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:3.981	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:3.981	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.981	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/2/2020 - 17:46:3.997	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.997	Open	2412	C:\malware.exe	C:\malware.exe.Local
10/2/2020 - 17:46:3.997	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:3.997	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:3.997	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:3.997	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
10/2/2020 - 17:46:3.997	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.997	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.997	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll	CustomMarshalers.dll
10/2/2020 - 17:46:3.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:3.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:3.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:3.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:3.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:3.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:4.12	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:4.12	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:4.12	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:4.12	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\oleaut32.DLL
10/2/2020 - 17:46:4.809	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/2/2020 - 17:46:4.809	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:4.809	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.856	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.903	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:4.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:5.43	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:5.90	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:5.137	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:5.184	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:5.278	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:5.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:5.418	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:5.465	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:5.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:5.559	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/2/2020 - 17:46:5.606	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
10/2/2020 - 17:46:5.606	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/2/2020 - 17:46:5.606	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
10/2/2020 - 17:46:5.653	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
10/2/2020 - 17:46:5.700	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
10/2/2020 - 17:46:5.747	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
10/2/2020 - 17:46:5.793	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10/2/2020 - 17:46:5.793	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
10/2/2020 - 17:46:5.793	Open	2412	C:\malware.exe	C:\malware.exe.Local
10/2/2020 - 17:46:5.793	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:5.793	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:5.793	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:5.793	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll	WMINet_Utils.dll
10/2/2020 - 17:46:5.793	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fdef4c991303c17ece877574f240249f\System.Management.ni.dll	System.Management.ni.dll
10/2/2020 - 17:46:5.981	Read	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:46:6.309	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\oleaut32.dll
10/2/2020 - 17:46:11.12	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.59	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.106	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.106	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.153	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.153	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.200	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.200	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.247	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\tzres.dll
10/2/2020 - 17:46:11.247	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\tzres.dll
10/2/2020 - 17:46:11.247	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\tzres.dll
10/2/2020 - 17:46:11.247	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\tzres.dll
10/2/2020 - 17:46:11.247	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.247	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.247	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.293	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.340	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.340	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.434	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.434	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.434	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.434	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.528	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.622	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.668	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.668	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.715	Open	2412	C:\malware.exe	C:\dwmapi.dll
10/2/2020 - 17:46:11.715	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\dwmapi.dll
10/2/2020 - 17:46:11.715	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\dwmapi.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:11.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.309	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
10/2/2020 - 17:46:27.309	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.356	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:27.403	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:27.450	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.497	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.543	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.590	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.637	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.684	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.731	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.778	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.825	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.872	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:27.965	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:28.12	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:28.59	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:28.106	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:28.153	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:28.200	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:28.247	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:28.293	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:28.340	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:28.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:28.434	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:28.481	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
10/2/2020 - 17:46:28.575	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.575	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
10/2/2020 - 17:46:28.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.622	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.668	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.715	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.856	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.903	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:28.950	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:28.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:28.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:29.43	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:29.90	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:29.137	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:29.184	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:29.231	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:29.278	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:29.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:29.418	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/2/2020 - 17:46:29.512	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.512	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
10/2/2020 - 17:46:29.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.559	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.606	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.653	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.700	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.747	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.793	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.887	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:29.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.28	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.75	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.122	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.168	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.215	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.262	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.309	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:46:30.356	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
10/2/2020 - 17:46:30.356	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.403	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.450	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.497	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.543	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.590	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.637	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.684	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:30.731	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:46:30.731	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:30.731	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:46:30.731	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:30.731	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
10/2/2020 - 17:46:30.731	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.778	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.825	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.872	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:30.965	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:31.12	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:31.12	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:31.59	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:31.106	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:31.106	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:31.106	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:31.106	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:31.106	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:31.106	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:31.106	Read	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config	machine.config
10/2/2020 - 17:46:31.106	Open	2412	C:\malware.exe	C:\malware.exe.config
10/2/2020 - 17:46:31.106	Open	2412	C:\malware.exe	C:\malware.exe.config
10/2/2020 - 17:46:31.106	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:31.153	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:31.200	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:31.247	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:31.293	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:31.340	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:31.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:31.434	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:31.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:31.528	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:31.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:31.622	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
10/2/2020 - 17:46:31.622	Open	2412	C:\malware.exe	C:\rasapi32.dll
10/2/2020 - 17:46:31.622	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rasapi32.dll
10/2/2020 - 17:46:31.622	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rasapi32.dll
10/2/2020 - 17:46:31.903	Open	2412	C:\malware.exe	C:\rasman.dll
10/2/2020 - 17:46:31.903	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rasman.dll
10/2/2020 - 17:46:31.903	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rasman.dll
10/2/2020 - 17:46:32.278	Open	2412	C:\malware.exe	C:\rtutils.dll
10/2/2020 - 17:46:32.278	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rtutils.dll
10/2/2020 - 17:46:32.325	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rtutils.dll
10/2/2020 - 17:46:32.637	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:32.684	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:32.731	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
10/2/2020 - 17:46:32.731	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mswsock.dll
10/2/2020 - 17:46:32.731	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mswsock.dll
10/2/2020 - 17:46:32.731	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\WSHTCPIP.DLL
10/2/2020 - 17:46:32.731	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\WSHTCPIP.DLL
10/2/2020 - 17:46:32.731	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wship6.dll
10/2/2020 - 17:46:32.731	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wship6.dll
10/2/2020 - 17:46:32.731	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:32.778	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll	System.Configuration.ni.dll
10/2/2020 - 17:46:32.825	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:32.872	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:32.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:32.965	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.12	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.59	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.106	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.153	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.200	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.247	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.340	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:33.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:33.387	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:33.387	Open	2412	C:\malware.exe	C:\Windows\Globalization\en-us.nlp
10/2/2020 - 17:46:33.387	Open	2412	C:\malware.exe	C:\malware.exe.config
10/2/2020 - 17:46:33.387	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:33.387	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:33.387	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:33.387	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/2/2020 - 17:46:33.481	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.481	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/2/2020 - 17:46:33.481	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.528	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.575	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.622	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.668	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.715	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:33.715	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:33.715	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/2/2020 - 17:46:33.715	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/2/2020 - 17:46:33.715	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.715	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
10/2/2020 - 17:46:33.715	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.715	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.715	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:33.762	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:33.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:33.856	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:33.903	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:33.997	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
10/2/2020 - 17:46:33.997	Open	2412	C:\malware.exe	C:\winhttp.dll
10/2/2020 - 17:46:33.997	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\winhttp.dll
10/2/2020 - 17:46:33.997	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\winhttp.dll
10/2/2020 - 17:46:33.997	Open	2412	C:\malware.exe	C:\webio.dll
10/2/2020 - 17:46:33.997	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\webio.dll
10/2/2020 - 17:46:33.997	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\webio.dll
10/2/2020 - 17:46:33.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.43	Open	2412	C:\malware.exe	C:\credssp.dll
10/2/2020 - 17:46:34.43	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\credssp.dll
10/2/2020 - 17:46:34.43	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\credssp.dll
10/2/2020 - 17:46:34.43	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.90	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\IPHLPAPI.DLL
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\IPHLPAPI.DLL
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\IPHLPAPI.DLL
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\WINNSI.DLL
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\winnsi.dll
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\winnsi.dll
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\dhcpcsvc6.DLL
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\dhcpcsvc6.dll
10/2/2020 - 17:46:34.137	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\dhcpcsvc6.dll	dhcpcsvc6.dll
10/2/2020 - 17:46:34.137	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\dhcpcsvc6.dll
10/2/2020 - 17:46:34.137	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\dhcpcsvc6.dll	dhcpcsvc6.dll
10/2/2020 - 17:46:34.184	Open	2412	C:\malware.exe	C:\dhcpcsvc.DLL
10/2/2020 - 17:46:34.184	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\dhcpcsvc.dll
10/2/2020 - 17:46:34.184	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\dhcpcsvc.dll
10/2/2020 - 17:46:34.278	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.278	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.372	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.418	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.465	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
10/2/2020 - 17:46:34.465	Open	2412	C:\malware.exe	C:\DNSAPI.dll
10/2/2020 - 17:46:34.465	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\dnsapi.dll
10/2/2020 - 17:46:34.465	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\dnsapi.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.512	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:34.559	Open	2412	C:\malware.exe	C:\rasadhlp.dll
10/2/2020 - 17:46:34.559	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rasadhlp.dll
10/2/2020 - 17:46:34.559	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\rasadhlp.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.918	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:36.918	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:36.918	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:36.918	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
10/2/2020 - 17:46:36.918	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:36.918	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089
10/2/2020 - 17:46:36.918	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
10/2/2020 - 17:46:36.918	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
10/2/2020 - 17:46:36.918	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll
10/2/2020 - 17:46:36.918	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.918	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\system.resources.dll	system.resources.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:36.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\Users
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Read	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Read	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Read	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Read	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Read	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Read	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Read	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.215	Write	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.215	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:39.231	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.231	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.231	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.231	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.231	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe
10/2/2020 - 17:46:39.231	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\MyApp\MyApp.exe:Zone.Identifier
10/2/2020 - 17:46:39.231	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:39.231	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:39.231	Open	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.231	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp
10/2/2020 - 17:46:39.231	Unknown	2412	C:\malware.exe	C:\malware.exe
10/2/2020 - 17:46:39.231	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Temp
10/2/2020 - 17:46:39.278	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:39.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:39.372	Read	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:46:41.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:41.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:41.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:41.809	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll	System.Xml.ni.dll
10/2/2020 - 17:46:41.856	Open	2412	C:\malware.exe	C:\shfolder.dll
10/2/2020 - 17:46:41.856	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\shfolder.dll
10/2/2020 - 17:46:41.856	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\shfolder.dll
10/2/2020 - 17:46:41.872	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local
10/2/2020 - 17:46:41.872	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local
10/2/2020 - 17:46:41.872	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Google\Chrome\User Data\
10/2/2020 - 17:46:41.872	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:41.918	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:41.965	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:42.28	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:42.75	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:42.122	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:42.168	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:42.215	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:42.262	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:42.309	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:42.356	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:42.403	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:42.450	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\profiles.ini
10/2/2020 - 17:46:42.450	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:42.497	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:42.543	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:42.590	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:42.637	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:42.684	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Mozilla\Firefox\logins.json
10/2/2020 - 17:46:42.684	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_32\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/2/2020 - 17:46:42.684	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/2/2020 - 17:46:42.731	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/2/2020 - 17:46:42.731	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:42.809	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:42.809	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:42.809	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:42.856	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:42.903	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:42.950	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:42.997	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:43.43	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/2/2020 - 17:46:43.43	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a
10/2/2020 - 17:46:43.43	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:43.43	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:43.43	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:43.43	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:43.43	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:43.43	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_pt-BR_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll	Microsoft.VisualBasic.resources.dll
10/2/2020 - 17:46:43.43	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:43.90	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Opera Software\Opera Stable\Login Data
10/2/2020 - 17:46:43.90	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
10/2/2020 - 17:46:43.90	Open	2412	C:\malware.exe	C:\pt-BR\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources.dll
10/2/2020 - 17:46:43.90	Open	2412	C:\malware.exe	C:\pt-BR\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources.dll
10/2/2020 - 17:46:43.90	Open	2412	C:\malware.exe	C:\pt-BR\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources.exe
10/2/2020 - 17:46:43.90	Open	2412	C:\malware.exe	C:\pt-BR\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources.exe
10/2/2020 - 17:46:43.137	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/2/2020 - 17:46:43.137	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\malware.exe.Local
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:43.325	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:43.325	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
10/2/2020 - 17:46:43.325	Unknown	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\Windows\Globalization\pt.nlp
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\pt\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources.dll
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\pt\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources.dll
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\pt\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources.exe
10/2/2020 - 17:46:43.325	Open	2412	C:\malware.exe	C:\pt\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources\SJBVYTPFMQUFIQIVGRMLHUMDWGTXQPBVATXAQGQC_20190129234102699.resources.exe
10/2/2020 - 17:46:43.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:43.325	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:43.340	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:43.340	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\ieframe.dll
10/2/2020 - 17:46:43.340	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\ieframe.dll
10/2/2020 - 17:46:43.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
10/2/2020 - 17:46:43.356	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll	api-ms-win-downlevel-shell32-l1-1-0.dll
10/2/2020 - 17:46:43.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
10/2/2020 - 17:46:43.356	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll	api-ms-win-downlevel-shell32-l1-1-0.dll
10/2/2020 - 17:46:43.356	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\ieframe.dll
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\malware.exe.Local
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Windows\WindowsShell.Manifest
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Windows\WindowsShell.Manifest	WindowsShell.Manifest
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Secur32.dll
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\secur32.dll
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\secur32.dll
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/2/2020 - 17:46:43.403	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.403	Open	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.418	Unknown	2412	C:\malware.exe	C:\Users\Behemot
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local
10/2/2020 - 17:46:43.418	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/2/2020 - 17:46:43.418	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\History
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
10/2/2020 - 17:46:43.418	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:46:43.418	Unknown	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\api-ms-win-downlevel-advapi32-l2-1-0.dll
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
10/2/2020 - 17:46:43.418	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll	api-ms-win-downlevel-advapi32-l2-1-0.dll
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
10/2/2020 - 17:46:43.418	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll	api-ms-win-downlevel-advapi32-l2-1-0.dll
10/2/2020 - 17:46:43.418	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\MLANG.dll
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mlang.dll
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mlang.dll
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
10/2/2020 - 17:46:43.465	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll	api-ms-win-downlevel-shlwapi-l2-1-0.dll
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
10/2/2020 - 17:46:43.465	Unknown	2412	C:\malware.exe	C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll	api-ms-win-downlevel-shlwapi-l2-1-0.dll
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\PROPSYS.dll
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\propsys.dll
10/2/2020 - 17:46:43.465	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\propsys.dll
10/2/2020 - 17:46:43.481	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll
10/2/2020 - 17:46:43.481	Unknown	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Open	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Open	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:43.481	Unknown	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.481	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.528	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.528	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.575	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6df834912e7d38c7d69ee01b291897f6\System.Security.ni.dll	System.Security.ni.dll
10/2/2020 - 17:46:43.668	Open	2412	C:\malware.exe	C:\Program Files (x86)
10/2/2020 - 17:46:43.668	Unknown	2412	C:\malware.exe	C:\Program Files (x86)
10/2/2020 - 17:46:43.668	Open	2412	C:\malware.exe	C:\Program Files (x86)\Common Files\Apple\Apple Application Support\plutil.exe
10/2/2020 - 17:46:43.668	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
10/2/2020 - 17:46:43.668	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Mozilla\SeaMonkey\logins.json
10/2/2020 - 17:46:43.668	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
10/2/2020 - 17:46:43.668	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Flock\Browser\profiles.ini
10/2/2020 - 17:46:43.684	Open	2412	C:\malware.exe	C:\Program Files (x86)\Mozilla Firefox\nss3.dll
10/2/2020 - 17:46:43.684	Open	2412	C:\malware.exe	C:\Program Files (x86)\Postbox\nss3.dll
10/2/2020 - 17:46:43.684	Open	2412	C:\malware.exe	C:\Program Files (x86)\Mozilla Thunderbird\nss3.dll
10/2/2020 - 17:46:43.684	Open	2412	C:\malware.exe	C:\Program Files (x86)\SeaMonkey\nss3.dll
10/2/2020 - 17:46:43.684	Open	2412	C:\malware.exe	C:\Program Files (x86)\Flock\nss3.dll
10/2/2020 - 17:46:43.684	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Flock\Browser\signons3.txt
10/2/2020 - 17:46:43.684	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:43.684	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:43.684	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:43.684	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:43.731	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
10/2/2020 - 17:46:43.731	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Chromium\User Data\Default\Login Data
10/2/2020 - 17:46:43.731	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\Torch\User Data\Default\Login Data
10/2/2020 - 17:46:43.731	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\UCBrowser
10/2/2020 - 17:46:43.731	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Thunderbird\profiles.ini
10/2/2020 - 17:46:43.731	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Thunderbird\signons.sqlite
10/2/2020 - 17:46:43.731	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Thunderbird\logins.json
10/2/2020 - 17:46:43.793	Open	2412	C:\malware.exe	C:\Storage
10/2/2020 - 17:46:43.793	Open	2412	C:\malware.exe	C:\mail
10/2/2020 - 17:46:43.793	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
10/2/2020 - 17:46:43.793	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
10/2/2020 - 17:46:43.793	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
10/2/2020 - 17:46:43.793	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Pocomail\accounts.ini
10/2/2020 - 17:46:43.809	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\The Bat!
10/2/2020 - 17:46:43.809	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Postbox\profiles.ini
10/2/2020 - 17:46:43.809	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Postbox\signons.sqlite
10/2/2020 - 17:46:43.809	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\FileZilla\recentservers.xml
10/2/2020 - 17:46:43.809	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
10/2/2020 - 17:46:43.809	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\CoreFTP\sites.idx
10/2/2020 - 17:46:43.825	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:43.872	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.153	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mpr.dll
10/2/2020 - 17:46:44.153	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\mpr.dll
10/2/2020 - 17:46:44.153	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\scrrun.dll
10/2/2020 - 17:46:44.153	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\scrrun.dll
10/2/2020 - 17:46:44.528	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.528	Read	2412	C:\malware.exe	C:\Windows\SysWOW64\wshom.ocx
10/2/2020 - 17:46:44.575	Read	2412	C:\malware.exe	C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
10/2/2020 - 17:46:44.622	Read	2412	C:\malware.exe	C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll	mscorlib.resources.dll
10/2/2020 - 17:46:44.622	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:44.622	Open	2412	C:\malware.exe	C:\FTP Navigator\Ftplist.txt
10/2/2020 - 17:46:44.622	Open	2412	C:\malware.exe	C:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
10/2/2020 - 17:46:44.622	Open	2412	C:\malware.exe	C:\ProgramData\APPDATA\ROAMING\FLASHFXP\3QUICK.DAT
10/2/2020 - 17:46:44.622	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:44.622	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/2/2020 - 17:46:44.637	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	mscorlib.ni.dll
10/2/2020 - 17:46:44.637	Open	2412	C:\malware.exe	C:\Users\Behemot\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
10/2/2020 - 17:46:44.637	Open	2412	C:\malware.exe	C:\cftp\Ftplist.txt
10/2/2020 - 17:46:44.637	Open	2412	C:\malware.exe	C:\Program Files (x86)\jDownloader\config\database.script
10/2/2020 - 17:46:47.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.934	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.950	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.965	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.965	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.965	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.965	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:46:47.981	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:46:47.997	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll	System.Windows.Forms.ni.dll
10/2/2020 - 17:47:48.418	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\FWPUCLNT.DLL
10/2/2020 - 17:47:48.418	Open	2412	C:\malware.exe	C:\Windows\SysWOW64\FWPUCLNT.DLL
10/2/2020 - 17:47:48.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:47:48.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:47:48.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:47:48.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:47:48.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll
10/2/2020 - 17:47:48.840	Read	2412	C:\malware.exe	C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll	System.ni.dll

Process

Trace

10/2/2020 - 17:45:57.465

Create

1480

C:\malware.exe

2412

C:\malware.exe

Analysis

Reason

Timeout

Status

Sucessfully Executed

Results

Registry

Trace

10/2/2020 - 17:46:32.637	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32	EnableFileTracing
10/2/2020 - 17:46:32.637	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32	EnableConsoleTracing
10/2/2020 - 17:46:32.637	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32	FileTracingMask
10/2/2020 - 17:46:32.637	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32	ConsoleTracingMask
10/2/2020 - 17:46:32.637	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32	MaxFileSize
10/2/2020 - 17:46:32.637	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASAPI32	FileDirectory
10/2/2020 - 17:46:33.387	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS	EnableFileTracing
10/2/2020 - 17:46:33.387	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS	EnableConsoleTracing
10/2/2020 - 17:46:33.387	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS	FileTracingMask
10/2/2020 - 17:46:33.387	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS	ConsoleTracingMask
10/2/2020 - 17:46:33.387	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS	MaxFileSize
10/2/2020 - 17:46:33.387	Write	2412	C:\malware.exe	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\malware_RASMANCS	FileDirectory
10/2/2020 - 17:46:39.231	Write	2412	C:\malware.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Run	MyApp
10/2/2020 - 17:46:43.403	Write	2412	C:\malware.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content	CachePrefix
10/2/2020 - 17:46:43.403	Write	2412	C:\malware.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies	CachePrefix
10/2/2020 - 17:46:43.403	Write	2412	C:\malware.exe	HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History	CachePrefix

File Summary

Created

Identified: True

Deleted

Identified: False

Process Summary

Created

Identified: True

Deleted

Identified: False

Registry Summary

Proxy

Identified: False

AutoRun

Identified: False

Created

Identified: True

Deleted

Identified: False

Browsers

Identified: False

Internet

Identified: True

Loading...

DNS

Query

localhost gateway:DNS checkip.amazonaws.com.
localhost gateway:50273 fleeetship.com.
localhost gateway:DNS fleeetship.com.

Response

gateway:DNS localhost checkip.amazonaws.com. 18.233.90.151

TCP

Info

18.214.111.125:80 localhost:65191
localhost:65191 18.214.111.125:80

UDP

Info

localhost:53 localhost:55394
localhost:55394 localhost:53
localhost:50273 localhost:53
localhost:53 localhost:50273

HTTP

Info

localhost GET checkip.amazonaws.com /

Summary

DNS

True

TCP

True

UDP

True

HTTP

True

Results

BINARY

KNN (K=3, NFS-BRMalware)

confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)

confidence: 100.00%
suspicious: True

SVC (Kernel=Linear, NFS-BRMalware)

confidence: 41.51%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)

confidence: 98.81%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)

confidence: 68.00%
suspicious: True

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)

confidence: 39.52%
suspicious: True

LightGDM (Ember: File Characteristics, Threshold=0.8336)

confidence: 100.00%
suspicious: True

Report #5484 check_circle

Binary

Hashes

Community

YARA

Strings

Foremost

Heuristics

PEDetector

Disassembly

AVclass

VirusTotal

File

Process

Analysis

Registry

File Summary

Process Summary

Registry Summary

Loading...

DNS

TCP

UDP

HTTP

Summary

Results

Report #5484