Report #6604 check_circle

  • Creation Date: Feb. 18, 2020, 1:14 p.m.
  • Last Update: Feb. 18, 2020, 3:13 p.m.
  • File: fIfxHffB.exe
  • Results:
Binary
DLL
False cancel
Size
960.72KB
trid
38.4% Win32 Dynamic Link Library
26.3% Win32 Executable
11.8% OS/2 Executable
11.6% Generic Win/DOS Executable
11.6% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
35d323e81428db4e90fc5a639e06b2ff
sha1
bc48200ec477ed53a72fc7b1adf48fed1ebe8b26
crc32
0x51f9e609
sha224
c8437a887300f5de8820cd80aede30a402ea6c6f24678168f2f91730
sha256
e9ed161187e56e47758bbb9b4edc3ca837e6899d76ee890303e10fb599cd6d7a
sha384
6136c159392bba5b295d8a2568d14a229f43643ffbd499739de0d441293b89459353c299c417a009b5e3c18c75048b3b
sha512
a661c33ef8105e0c179e8f40f5c7b0bd57be55b27ed72e08c5da34ebfc099360cdb9b7334bea4e15074539c62cac401e0dd665d5deed6f978d5955ed196151fb
ssdeep
12288:xLSWbZD5fCaJ8AOk9tCQNM2gFAlm1K+DTgcm2e38ua6V7Ypy/xHqkuMMVSQNks:Fbrzok9tCMbwkcFSZzqkUSQNJ
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
domain, HasDigitalSignature, url, IP, contentis_base64, NETexecutableMicrosoft, IsNET_EXE, IsPacked, HasOverlay, IsPE32, IsWindowsGUI

Suspicious
True check_circle

Strings
List
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
https://secure.comodo.net/CPS0C
System.Security
contato@soniceletronic.com.br0
http://ocsp.comodoca.com0
http://ocsp.comodoca.com0(
System.IO
p.sr
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
.http://crl.thawte.com/ThawteTimestampingCA.crl0
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
%p.NI
k.sN
Vf.nG
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Security.Cryptography
Z.ec
System.Security.Permissions
T.ocw
System.IO.Compression
B.rsrc
2.5.70.0
2.5.70.0
2.5.70.0
2.5.70.0
http://ts-ocsp.ws.symantec.com07
HostProtectionException
*.\8
*.<6
*.1\
fD\A>
>e-D
? He
to-D
dX}V:5T%AN.
:3*t3V#se%p
o%%ht
2h%a&
s%1ER
\AG%di<
%)ow%AH
r%s{m
SF&%n
dG%fI
System.Windows.Forms
publickeytoken=
mscoree.dll
COMODO RSA Code Signing CA
V.eg^m
c7b6007217cefeb25c84cc8868ca3564a
c9ca315555123ae219f8ce480f7eca0c5
ce9ad03ed29c3344ef8d50f3dff881295
c394289a26e2b3c5018ee14c362d63e62
c9167e0f5572631e992e4d4103d67c477
c2008a51226ea093ef82c7229f3c7d800
c1ace1a68736ec4f7fe1c9486005506e3
c774735151213e12358a6dc1ddefa0aad
c03d8e256e4d932d37af7962885ad3e27
c4aa733ba1dd238e391d61b1115faa808
c4801d2136bb14e201dbd0d3090e837a9
c4ed5359ae5a24b8d4a91fca4a483022b
ce5640d03c23d5b70da1d5cd8387037a3
c87f189d3e02f7d5dbfae89e9a3fc33e7
c4ee5eb652dcba21cbfa2120bdc059602
cb5fc3b9bafb2c6aaf7e3a57042f650eb
c4de4dfcd2e7a589e3ead273f9b442335
c071ec2ee4aa7d0103e857a6fe8a3d4c1
c39c1e0247f5da33bbe4bb3fcefbc74ef
c6b8865bc2cc5d7ca99f7cad65e763bda
CompressionMode
SecurityAction
c8d33d458d3cf2d225f65078c7834a71a
c2d55746c796f623e88c7dcef2c24c54b
DeflateStream
5ED1
E0C0A
cd7b2b8cb4b9b67ec0ef95737acc9d784
cdcf8704c6827bc17ac09b0a76fcec5df
cce2be8bbd4fb9db5c5e05f1bfe685329
c76205db60beaa0bcddfbb390219626cf
PublicKeyToken=
c77d4d915d197b78169b1e061d93bc6f2
COMODO CA Limited1#0!
COMODO CA Limited1+0)
COMODO CA Limited1#0!
COMODO CA Limited1#0!
in 4
"COMODO RSA Certification Authority0
http://ocsp.thawte.com0
CreateDecryptor
ICryptoTransform
|t&o
COMODO RSA Code Signing CA0
COMODO RSA Code Signing CA0
PDrRJmBQj.exe
PDrRJmBQj.exe
PDrRJmBQj.exe

Foremost
Matches
0.exe, 954 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: True check_circle
Suspicious: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(, http://ocsp.comodoca.com0, http://crl.thawte.com/thawtetimestampingca.crl0, http://crl.comodoca.com/comodorsacertificationauthority.crl0q, http://crl.comodoca.com/comodorsacodesigningca.crl0t, http://ocsp.thawte.com0, http://crt.comodoca.com/comodorsaaddtrustca.crt0$, https://secure.comodo.net/cps0c, http://ocsp.comodoca.com0(, http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<, http://crt.comodoca.com/comodorsacodesigningca.crt0$, http://ts-ocsp.ws.symantec.com07
hasAllowed: False cancel
hasSuspicious: True check_circle

Files
Allowed: mscoree.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 976384
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 512
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 1040692
Suspicous: False cancel

Sections
Allowed: .text, .reloc, .rsrc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 4
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 4
Linker
Version: 8.0
Suspicious: False cancel
Subsystem
Version: 4.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 712690
Suspicious: False cancel

Anomalies
Anomalies
hasAnomalies: False cancel

Libraries
Allowed: mscoree.dll
hasLibs: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2017-05-09 11:05:17
Future: False cancel

Compilation
Packed: False cancel
Missing: True check_circle
Packers
Compiled: False cancel
Compilers

Obfuscation
XOR: False cancel
Fuzzing: False cancel

PEDetector
Matches
None
Suspicious
False cancel
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 26
.text: 376

pushpopmath
.rsrc: 2
.text: 234

ss register
.text: 7

garbagebytes
.rsrc: 12
.text: 129

hookdetection
.text: 21

software breakpoint
.text: 9

fakeconditionaljumps
.text: 9

programcontrolflowchange
.rsrc: 12
.text: 123

cpuinstructionsresultscomparison
.rsrc: 15
.text: 3

AVclass
high
1
VirusTotal
md5
35d323e81428db4e90fc5a639e06b2ff
sha1
bc48200ec477ed53a72fc7b1adf48fed1ebe8b26
SCANS (DETECTION RATE = 60.56%)
AVG
result: FileRepMalware
update: 20190721
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20190321
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=85)
update: 20190721
version: 2018.9.12.1
detected: True check_circle

APEX
update: 20190719
version: 5.40
detected: False cancel

Bkav
update: 20190719
version: 1.3.0.10239
detected: False cancel

K7GW
update: 20190720
version: 11.57.31537
detected: False cancel

ALYac
result: Trojan.GenericKD.5159572
update: 20190721
version: 1.1.1.5
detected: True check_circle

Avast
update: 20190721
version: 18.4.3895.0
detected: False cancel

Avira
result: TR/Fuery.jfgkz
update: 20190720
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cyren
update: 20190721
version: 6.2.0.1
detected: False cancel

DrWeb
result: Trojan.PWS.Banker1.22569
update: 20190721
version: 7.0.34.11020
detected: True check_circle

GData
result: Trojan.GenericKD.5159572
update: 20190721
version: A:25.22797B:25.15603
detected: True check_circle

Panda
result: Trj/CI.A
update: 20190720
version: 4.6.4.2
detected: True check_circle

VBA32
result: Trojan.MSIL.Crypt
update: 20190719
version: 4.0.0
detected: True check_circle

VIPRE
result: Trojan.Win32.Generic!BT
update: 20190720
version: 76538
detected: True check_circle

Zoner
update: 20190720
version: 1.0
detected: False cancel

ClamAV
update: 20190720
version: 0.101.2.0
detected: False cancel

Comodo
result: Malware@#if909y397bzp
update: 20190721
version: 31203
detected: True check_circle

F-Prot
update: 20190721
version: 4.7.1.166
detected: False cancel

Ikarus
result: Trojan.SuspectCRC
update: 20190720
version: 0.1.5.2
detected: True check_circle

McAfee
result: Artemis!35D323E81428
update: 20190721
version: 6.0.6.653
detected: True check_circle

Rising
update: 20190721
version: 25.0.0.24
detected: False cancel

Sophos
result: Mal/Generic-S
update: 20190721
version: 4.98.0
detected: True check_circle

Yandex
update: 20190719
version: 5.5.2.24
detected: False cancel

Zillya
result: Trojan.FebiposCRTD.Win32.11129
update: 20190719
version: 2.0.0.3857
detected: True check_circle

Acronis
result: suspicious
update: 20190718
version: 1.0.1.51
detected: True check_circle

Alibaba
result: Trojan:MSIL/Crypt.385d6062
update: 20190527
version: 0.3.0.5
detected: True check_circle

Arcabit
result: Trojan.Generic.D4EBA94
update: 20190721
version: 1.0.0.850
detected: True check_circle

Cylance
result: Unsafe
update: 20190721
version: 2.3.1.101
detected: True check_circle

Endgame
result: malicious (high confidence)
update: 20190522
version: 3.0.12
detected: True check_circle

FireEye
result: Generic.mg.35d323e81428db4e
update: 20190721
version: 29.7.0.0
detected: True check_circle

TACHYON
update: 20190721
version: 2019-07-21.01
detected: False cancel

Tencent
result: Msil.Trojan.Crypt.Llrf
update: 20190721
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20190720
version: 2014.3.20.0
detected: False cancel

Webroot
result: W32.Trojan.Gen
update: 20190721
version: 1.0.0.403
detected: True check_circle

eGambit
update: 20190721
version: v4.3.6
detected: False cancel

Ad-Aware
result: Trojan.GenericKD.5159572
update: 20190721
version: 3.0.5.370
detected: True check_circle

AegisLab
result: Trojan.MSIL.Crypt.4!c
update: 20190721
version: 4.2
detected: True check_circle

Emsisoft
result: Trojan.GenericKD.5159572 (B)
update: 20190721
version: 2018.12.0.1641
detected: True check_circle

F-Secure
result: Trojan.TR/Fuery.jfgkz
update: 20190721
version: 12.0.86.52
detected: True check_circle

Fortinet
result: MSIL/Generic.AP.829A60!tr
update: 20190721
version: 5.4.247.0
detected: True check_circle

Invincea
update: 20190717
version: 6.3.6.26157
detected: False cancel

Jiangmin
result: Trojan.MSIL.khbi
update: 20190721
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20190721
version: 2013.8.14.323
detected: False cancel

Paloalto
result: generic.ml
update: 20190721
version: 1.0
detected: True check_circle

Symantec
result: ML.Attribute.HighConfidence
update: 20190720
version: 1.9.0.0
detected: True check_circle

Trapmine
result: malicious.high.ml.score
update: 20190522
version: 3.1.62.789
detected: True check_circle

AhnLab-V3
update: 20190720
version: 3.15.3.24531
detected: False cancel

Antiy-AVL
update: 20190721
version: 3.0.0.1
detected: False cancel

Kaspersky
result: Trojan.MSIL.Crypt.dovw
update: 20190721
version: 15.0.1.13
detected: True check_circle

Microsoft
result: TrojanSpy:Win32/Banker
update: 20190721
version: 1.1.16200.1
detected: True check_circle

Qihoo-360
result: Win32/Trojan.8d8
update: 20190721
version: 1.0.0.1120
detected: True check_circle

Trustlook
update: 20190721
version: 1.0
detected: False cancel

ZoneAlarm
result: Trojan.MSIL.Crypt.dovw
update: 20190721
version: 1.0
detected: True check_circle

Cybereason
result: malicious.81428d
update: 20190616
version: 1.2.449
detected: True check_circle

ESET-NOD32
result: a variant of MSIL/Injector.SGP
update: 20190721
version: 19720
detected: True check_circle

TrendMicro
update: 20190721
version: 11.0.0.1006
detected: False cancel

BitDefender
result: Trojan.GenericKD.5159572
update: 20190721
version: 7.2
detected: True check_circle

CrowdStrike
result: win/malicious_confidence_80% (D)
update: 20190212
version: 1.0
detected: True check_circle

K7AntiVirus
update: 20190720
version: 11.57.31537
detected: False cancel

SentinelOne
result: DFI - Suspicious PE
update: 20190604
version: 1.0.27.333
detected: True check_circle

Avast-Mobile
update: 20190720
version: 190720-00
detected: False cancel

Malwarebytes
update: 20190721
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20190720
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20190720
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Banker1.eokfdt
update: 20190721
version: 1.0.134.24849
detected: True check_circle

MicroWorld-eScan
result: Trojan.GenericKD.5159572
update: 20190721
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20190719
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: Artemis!Trojan
update: 20190720
version: v2017.3010
detected: True check_circle

TrendMicro-HouseCall
update: 20190721
version: 10.0.0.1040
detected: False cancel

total
71
sha256
e9ed161187e56e47758bbb9b4edc3ca837e6899d76ee890303e10fb599cd6d7a
scan_id
e9ed161187e56e47758bbb9b4edc3ca837e6899d76ee890303e10fb599cd6d7a-1563684982
resource
35d323e81428db4e90fc5a639e06b2ff
positives
43
scan_date
2019-07-21 04:56:22
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
18/2/2020 - 14:45:45.231Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/2/2020 - 14:45:45.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:45.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:45.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:45.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:45.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:45.278Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:45.278Open1480C:\malware.exeC:\malware.exe.config
18/2/2020 - 14:45:45.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
18/2/2020 - 14:45:45.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
18/2/2020 - 14:45:45.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
18/2/2020 - 14:45:45.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
18/2/2020 - 14:45:45.278Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
18/2/2020 - 14:45:45.293Unknown1480C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Users\Behemot
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Users\Behemot
18/2/2020 - 14:45:45.293Unknown1480C:\malware.exeC:\Users\Behemot
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/2/2020 - 14:45:45.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
18/2/2020 - 14:45:45.293Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.809Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:45:45.856Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:45:45.903Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:45:45.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:46.606Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:46.606Unknown1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:46.606Open1480C:\malware.exeC:\
18/2/2020 - 14:45:46.606Unknown1480C:\malware.exeC:\
18/2/2020 - 14:45:46.606Open1480C:\malware.exeC:\Monitor
18/2/2020 - 14:45:46.606Unknown1480C:\malware.exeC:\Monitor
18/2/2020 - 14:45:46.606Open1480C:\malware.exeC:\Monitor\Malware
18/2/2020 - 14:45:46.606Unknown1480C:\malware.exeC:\Monitor\Malware
18/2/2020 - 14:45:46.606Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:46.606Unknown1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:46.653Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
18/2/2020 - 14:45:46.700Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\malware.exe.Local
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:46.934Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\malware.exe.Local
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/2/2020 - 14:45:46.934Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/2/2020 - 14:45:46.934Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\RichEd20.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\riched20.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\riched20.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\CRYPTSP.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.950Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:46.965Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
18/2/2020 - 14:45:47.12Unknown1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dll
18/2/2020 - 14:45:47.12Unknown1480C:\malware.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\qagentrt.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\ncrypt.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\bcrypt.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
18/2/2020 - 14:45:47.12Unknown1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
18/2/2020 - 14:45:47.12Open1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
18/2/2020 - 14:45:47.12Unknown1480C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
18/2/2020 - 14:45:47.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
18/2/2020 - 14:45:47.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
18/2/2020 - 14:45:47.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
18/2/2020 - 14:45:47.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
18/2/2020 - 14:45:47.28Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
18/2/2020 - 14:45:47.28Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
18/2/2020 - 14:45:47.28Open1480C:\malware.exeC:\GPAPI.dll
18/2/2020 - 14:45:47.28Open1480C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
18/2/2020 - 14:45:47.28Open1480C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
18/2/2020 - 14:45:47.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
18/2/2020 - 14:45:47.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
18/2/2020 - 14:45:47.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\cryptnet.dll
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:47.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:47.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\SensApi.dll
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
18/2/2020 - 14:45:47.122Open1480C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\WINHTTP.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\webio.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\credssp.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\Windows\SysWOW64\credssp.dll
18/2/2020 - 14:45:47.215Open1480C:\malware.exeC:\Windows\SysWOW64\credssp.dll
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\wship6.dll
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\IPHLPAPI.DLL
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\WINNSI.DLL
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\dhcpcsvc6.DLL
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
18/2/2020 - 14:45:47.262Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
18/2/2020 - 14:45:47.262Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
18/2/2020 - 14:45:47.262Unknown1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
18/2/2020 - 14:45:47.309Open1480C:\malware.exeC:\dhcpcsvc.DLL
18/2/2020 - 14:45:47.309Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
18/2/2020 - 14:45:47.309Open1480C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
18/2/2020 - 14:45:47.356Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
18/2/2020 - 14:45:47.356Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
18/2/2020 - 14:45:47.403Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:47.403Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:47.403Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:47.403Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:47.403Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:47.403Open1480C:\malware.exeC:\DNSAPI.dll
18/2/2020 - 14:45:47.403Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 14:45:47.403Open1480C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 14:45:47.543Open1480C:\malware.exeC:\rasadhlp.dll
18/2/2020 - 14:45:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
18/2/2020 - 14:45:47.543Open1480C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
18/2/2020 - 14:45:47.684Open1480C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
18/2/2020 - 14:45:47.684Open1480C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
18/2/2020 - 14:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:48.106Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.106Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.106Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.106Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.106Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.106Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:45:48.122Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B45457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:45:48.122Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B45457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:45:48.122Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B45457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:45:48.122Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B45457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.122Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CAC1D842E0E15CC16D311439838FBE4
18/2/2020 - 14:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.137Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC42971B7939A9CA55C44CFC893D7C1D
18/2/2020 - 14:45:48.184Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.184Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.184Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.418Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.418Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.700Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.715Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.715Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.715Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.715Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.715Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.731Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:48.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:48.731Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:48.731Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:48.731Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D75080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_86A94E7B396A68175548730A793E5CE1
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.762Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6B84D30E5F69CEB3278532D063D4504
18/2/2020 - 14:45:48.809Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.809Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.809Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.809Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:48.950Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.950Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.950Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:48.950Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:49.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:49.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:49.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:49.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:49.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:49.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:49.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:45:49.153Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.153Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:49.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:45:49.168Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Write1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.168Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42AD2B5168CDD0EBF4C0C8EA1C3A1FAE07F_AB9B58A102A71EE8B742017FA98FA42A
18/2/2020 - 14:45:49.231Unknown1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:49.231Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
18/2/2020 - 14:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:45:49.231Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.278Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
18/2/2020 - 14:45:49.278Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
18/2/2020 - 14:45:49.278Open1480C:\malware.exeC:\malware.exe.config
18/2/2020 - 14:45:49.278Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:49.278Unknown1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:49.278Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.293Unknown1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:49.293Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:49.293Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:49.293Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:49.293Read1480C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:45:49.293Unknown1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\Monitor\Malware
18/2/2020 - 14:45:49.293Unknown1480C:\malware.exeC:\Monitor\Malware
18/2/2020 - 14:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:49.293Unknown1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18/2/2020 - 14:45:49.293Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18/2/2020 - 14:45:49.309Open1480C:\malware.exeC:\malware.exe.Local
18/2/2020 - 14:45:49.309Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:49.309Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:49.309Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:49.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.543Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
18/2/2020 - 14:45:50.543Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
18/2/2020 - 14:45:50.543Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/2/2020 - 14:45:50.543Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:50.543Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/2/2020 - 14:45:50.543Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:50.543Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:50.543Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:50.543Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:50.543Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:45:50.590Open1480C:\malware.exeC:\PDrRJmBQj&.dll
18/2/2020 - 14:45:50.590Open1480C:\malware.exeC:\PDrRJmBQj&\PDrRJmBQj&.dll
18/2/2020 - 14:45:50.590Open1480C:\malware.exeC:\PDrRJmBQj&.exe
18/2/2020 - 14:45:50.590Open1480C:\malware.exeC:\PDrRJmBQj&\PDrRJmBQj&.exe
18/2/2020 - 14:45:50.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/2/2020 - 14:45:50.637Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/2/2020 - 14:45:50.825Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
18/2/2020 - 14:45:50.825Open1480C:\malware.exeC:\malware.exe.Local
18/2/2020 - 14:45:50.825Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:50.825Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:50.825Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:50.825Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:45:50.825Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
18/2/2020 - 14:45:50.825Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
18/2/2020 - 14:45:50.825Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.825Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:45:50.825Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
18/2/2020 - 14:45:50.840Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
18/2/2020 - 14:45:50.840Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:45:50.856Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.700Open1480C:\malware.exeC:\Windows\assembly
18/2/2020 - 14:45:51.700Unknown1480C:\malware.exeC:\Windows\assembly
18/2/2020 - 14:45:51.700Open1480C:\malware.exeC:\Windows\assembly\Desktop.ini
18/2/2020 - 14:45:51.747Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\PDrRJmBQj&\1.0.0.0__ab917a421742ccdd
18/2/2020 - 14:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:51.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:52.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:52.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:52.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:52.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:52.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:52.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:52.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:45:52.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:52.575Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/2/2020 - 14:45:52.575Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/2/2020 - 14:45:52.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/2/2020 - 14:45:52.715Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/2/2020 - 14:45:52.762Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:52.762Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/2/2020 - 14:45:52.762Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:52.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:52.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:52.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:52.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:52.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.137Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/2/2020 - 14:45:53.137Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
18/2/2020 - 14:45:53.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.184Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/2/2020 - 14:45:53.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/2/2020 - 14:45:53.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/2/2020 - 14:45:53.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.325Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.372Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
18/2/2020 - 14:45:53.372Open1480C:\malware.exeC:\VERSION.dll
18/2/2020 - 14:45:53.372Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
18/2/2020 - 14:45:53.372Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
18/2/2020 - 14:45:53.372Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/2/2020 - 14:45:53.372Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.372Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.418Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18/2/2020 - 14:45:53.418Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.418Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.512Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:53.559Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
18/2/2020 - 14:45:53.700Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:53.700Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
18/2/2020 - 14:45:53.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:53.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:53.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:53.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:53.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:53.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:54.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:54.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:54.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:54.168Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.309Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.309Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:54.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:55.903Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:45:56.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:45:56.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
18/2/2020 - 14:45:56.184Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
18/2/2020 - 14:45:56.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:56.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:56.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:56.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:56.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
18/2/2020 - 14:45:56.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:45:56.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:56.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:56.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.247Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:57.293Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:57.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.622Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:57.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:57.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:58.793Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:58.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:58.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:45:59.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:45:59.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:0.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
18/2/2020 - 14:46:0.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.278Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
18/2/2020 - 14:46:0.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:0.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:0.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:0.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:0.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.793Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
18/2/2020 - 14:46:0.793Open1480C:\malware.exeC:\malware.exe.config
18/2/2020 - 14:46:0.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:0.840Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/2/2020 - 14:46:0.840Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/2/2020 - 14:46:0.934Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/2/2020 - 14:46:0.934Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/2/2020 - 14:46:1.28Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.28Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/2/2020 - 14:46:1.28Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.75Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.168Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/2/2020 - 14:46:1.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
18/2/2020 - 14:46:1.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/2/2020 - 14:46:1.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/2/2020 - 14:46:1.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.262Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
18/2/2020 - 14:46:1.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.262Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.262Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
18/2/2020 - 14:46:1.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:1.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:1.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\pt-BR\rpn.resources.dll
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\pt-BR\rpn.resources\rpn.resources.dll
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\pt-BR\rpn.resources.exe
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\pt-BR\rpn.resources\rpn.resources.exe
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\Windows\Globalization\pt.nlp
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\pt\rpn.resources.dll
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\pt\rpn.resources\rpn.resources.dll
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\pt\rpn.resources.exe
18/2/2020 - 14:46:1.543Open1480C:\malware.exeC:\pt\rpn.resources\rpn.resources.exe
18/2/2020 - 14:46:1.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:1.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:1.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:1.825Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
18/2/2020 - 14:46:1.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:1.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:1.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:2.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:2.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:2.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:2.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:2.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:3.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:3.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:3.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:3.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:3.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:3.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:3.325Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
18/2/2020 - 14:46:3.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:3.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:3.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:3.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:3.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:4.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:4.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:4.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:4.262Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:4.262Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:4.262Open1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:4.262Unknown1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:4.262Read1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:4.262Read1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:4.262Read1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:4.262Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
18/2/2020 - 14:46:4.262Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
18/2/2020 - 14:46:4.262Unknown1480C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:4.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:4.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:4.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:4.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:7.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pf
18/2/2020 - 14:46:8.12Read652C:\malware.exeC:\Windows\Prefetch\MALWARE.EXE-20920919.pfMALWARE.EXE-20920919.pf
18/2/2020 - 14:46:8.12Open652C:\malware.exe\Device\HarddiskVolume2
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\$EXTEND
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\$EXTEND
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\$EXTEND
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Monitor
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Monitor
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Monitor
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Monitor\Malware
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Monitor\Malware
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Monitor\Malware
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\Local
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
18/2/2020 - 14:46:8.12Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
18/2/2020 - 14:46:8.12Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Roaming
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\Favorites
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\Favorites
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\Favorites
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Windows
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Windows
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Windows
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Windows\assembly
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Windows\assembly
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Windows\assembly
18/2/2020 - 14:46:8.28Open652C:\malware.exeC:\Windows\assembly\GAC_32
18/2/2020 - 14:46:8.28Unknown652C:\malware.exeC:\Windows\assembly\GAC_32
18/2/2020 - 14:46:8.28Read652C:\malware.exeC:\Windows\assembly\GAC_32
18/2/2020 - 14:46:8.75Unknown652C:\malware.exeC:\Windows\assembly\GAC_32
18/2/2020 - 14:46:8.75Open652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
18/2/2020 - 14:46:8.75Unknown652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
18/2/2020 - 14:46:8.75Unknown652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib
18/2/2020 - 14:46:8.75Open652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:46:8.75Unknown652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:46:8.75Unknown652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
18/2/2020 - 14:46:8.75Open652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
18/2/2020 - 14:46:8.75Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
18/2/2020 - 14:46:8.75Read652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
18/2/2020 - 14:46:8.75Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1480.1116812
18/2/2020 - 14:46:8.75Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1480.1116812
18/2/2020 - 14:46:8.75Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1480.1116828
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Globalization
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Globalization
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Globalization
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Globalization\Sorting
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Globalization\Sorting
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Globalization\Sorting
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Microsoft.NET
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Microsoft.NET\Framework
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\pt-BR
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\pt-BR
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\pt-BR
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\ntdll.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\ntdll.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\wow64.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\wow64.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\wow64win.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\wow64win.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\wow64cpu.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\wow64cpu.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\kernel32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\kernel32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\user32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\user32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\apisetschema.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\KernelBase.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\locale.nls
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\locale.nls
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\sechost.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\sechost.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\cryptbase.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\user32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\user32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\lpk.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\lpk.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\usp10.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\usp10.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\imm32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\imm32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\msctf.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\msctf.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\System32\mctres.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\System32\mctres.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.url
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\ole32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\ole32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nls
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\profapi.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\profapi.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.url
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[2].XML
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\wintrust.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\wintrust.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\crypt32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\crypt32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\msasn1.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\msasn1.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\riched20.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\riched20.dll
18/2/2020 - 14:46:8.122Open652C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/2/2020 - 14:46:8.137Open1480C:\malware.exeC:\RpcRtRemote.dll
18/2/2020 - 14:46:8.137Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
18/2/2020 - 14:46:8.137Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
18/2/2020 - 14:46:8.137Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
18/2/2020 - 14:46:8.137Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
18/2/2020 - 14:46:8.122Unknown652C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\imagehlp.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\imagehlp.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\userenv.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\userenv.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\Wldap32.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\Wldap32.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\nsi.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\nsi.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\credssp.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\credssp.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\wship6.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\wship6.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\cfgmgr32.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\cfgmgr32.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\VXA84PRX.TXT
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B45457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B45457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].png
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\NlsLexicons0416.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\NlsLexicons0416.dllNlsLexicons0416.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\StructuredQuery.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\StructuredQuery.dllStructuredQuery.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\V7NJY85I.TXT
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[2].XML
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[4].XML
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\mssprxy.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\mssprxy.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[1].XML
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[4].XML
18/2/2020 - 14:46:8.184Open652C:\malware.exeC:\Windows\SysWOW64\version.dll
18/2/2020 - 14:46:8.184Unknown652C:\malware.exeC:\Windows\SysWOW64\version.dll
18/2/2020 - 14:46:8.184Read652C:\malware.exeC:\Windows\System32\mctres.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Windows Brasil.urlWindows Brasil.url
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Users\Behemot\Favorites\Links for Brasil\Microsoft Brasil.urlMicrosoft Brasil.url
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\SysWOW64\riched20.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\SysWOW64\imagehlp.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\SysWOW64\NlsLexicons0416.dllNlsLexicons0416.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\SysWOW64\StructuredQuery.dllStructuredQuery.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\SysWOW64\mssprxy.dll
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\System32\locale.nls
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B45457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B45457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Users\Behemot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\74FBF93595CFC8459196065CE54AD92874FBF93595CFC8459196065CE54AD928
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
18/2/2020 - 14:46:8.200Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[2].XML
18/2/2020 - 14:46:8.200Open652C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies\V7NJY85I.TXT
18/2/2020 - 14:46:8.200Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJ54RMQH\QSML[2].XML
18/2/2020 - 14:46:8.200Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHQ10TF8\QSML[7].XML
18/2/2020 - 14:46:8.200Open652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2\QSML[4].XML
18/2/2020 - 14:46:8.200Read652C:\malware.exeC:\Windows\System32\mctres.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\System32\ntdll.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\System32\wow64.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\System32\wow64win.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\System32\wow64cpu.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\System32\kernel32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\kernel32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\System32\user32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\ntdll.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\mscoree.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\malware.exe
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\advapi32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\msvcrt.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\sechost.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\rpcrt4.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\sspicli.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\shlwapi.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\gdi32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\user32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\lpk.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\usp10.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\imm32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\msctf.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\shell32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\ole32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\profapi.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\wintrust.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\crypt32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\msasn1.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\ncrypt.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\bcryptprimitives.dllbcryptprimitives.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\userenv.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\gpapi.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\cryptnet.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\Wldap32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\SensApi.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\winhttp.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\webio.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\ws2_32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\nsi.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\credssp.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\mswsock.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\WSHTCPIP.DLL
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\wship6.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\IPHLPAPI.DLL
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\winnsi.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc6.dlldhcpcsvc6.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\dhcpcsvc.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\cfgmgr32.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\dnsapi.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\rasadhlp.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\FWPUCLNT.DLL
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Windows\SysWOW64\version.dll
18/2/2020 - 14:46:8.200Unknown652C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6STR8JF\favicon[1].pngfavicon[1].png
18/2/2020 - 14:46:8.200Unknown652C:\malware.exe\Device\HarddiskVolume2
18/2/2020 - 14:46:8.200Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
18/2/2020 - 14:46:8.200Read1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
18/2/2020 - 14:46:8.356Unknown1480C:\malware.exeC:\Windows
18/2/2020 - 14:46:8.356Unknown1480C:\malware.exeC:\Monitor
18/2/2020 - 14:46:8.356Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:46:8.356Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
18/2/2020 - 14:46:8.356Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
18/2/2020 - 14:46:8.356Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
18/2/2020 - 14:46:8.356Unknown1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
18/2/2020 - 14:46:8.356Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc

Process
Trace
18/2/2020 - 14:46:4.262Create1480C:\malware.exe652C:\malware.exe
18/2/2020 - 14:46:8.200Terminate1480C:\malware.exe652C:\malware.exe

Analysis
Reason
Finished

Status
Sucessfully Executed

Results
1

Registry
Trace
18/2/2020 - 14:45:47.12Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
18/2/2020 - 14:45:47.12Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
18/2/2020 - 14:45:47.12Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
18/2/2020 - 14:45:47.12Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
18/2/2020 - 14:45:47.12Write1480C:\malware.exeHKCU\Local Settings\MuiCache\5\96383CDBLanguageList
18/2/2020 - 14:45:49.184Delete1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CertificatesBE36A4562FB2EE05DBB3D32323ADF445084ED656
18/2/2020 - 14:45:49.184Write1480C:\malware.exe\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656Blob

File Summary
Created
Identified: True check_circle

Deleted
Identified: False cancel

Process Summary
Created
Identified: True check_circle

Deleted
Identified: True check_circle

Registry Summary
Proxy
Identified: False cancel

AutoRun
Identified: False cancel

Created
Identified: True check_circle

Deleted
Identified: True check_circle

Browsers
Identified: False cancel

Internet
Identified: False cancel

Loading...

DNS
Query
computer localhost arrow_forward computer gateway:50273 code crt.comodoca.com.
computer localhost arrow_forward computer gateway:DNS code crt.comodoca.com.
computer localhost arrow_forward computer gateway:DNS code ocsp.comodoca.com.

Response
computer gateway:DNS arrow_forward computer localhost code crt.comodoca.com. reply_all 91.199.212.52

computer gateway:DNS arrow_forward computer localhost code ocsp.comodoca.com. reply_all 151.139.128.14


TCP
Info
151.139.128.14:80 arrow_forward computer localhost:65192
computer localhost:65191 arrow_forward 91.199.212.52:80
91.199.212.52:80 arrow_forward computer localhost:65191
computer localhost:65192 arrow_forward 151.139.128.14:80

UDP
Info
computer localhost:53 arrow_forward computer localhost:55394
computer localhost:55394 arrow_forward computer localhost:53
computer localhost:50273 arrow_forward computer localhost:53
computer localhost:53 arrow_forward computer localhost:50273

HTTP
Info
computer localhost send GET crt.comodoca.com attach_file /COMODORSAAddTrustCA.crt
computer localhost send GET ocsp.comodoca.com attach_file /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEGB446VXVl79i0mAksOj7Z4%3D
computer localhost send GET ocsp.comodoca.com attach_file /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D

Summary
DNS
True check_circle

TCP
True check_circle

UDP
True check_circle

HTTP
True check_circle

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False cancel

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False cancel

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 72.40%
suspicious: False cancel

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 99.43%
suspicious: False cancel

Random Forest (100 estimators, NFS-BRMalware)
confidence: 53.00%
suspicious: True check_circle

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 48.22%
suspicious: True check_circle

LightGDM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.95%
suspicious: True check_circle

Add to Collection
Download