Report #666

  • Creation Date: Oct. 19, 2019, 2:19 a.m.
  • Last Update: Oct. 19, 2019, 3:28 a.m.
  • File: 013
  • Results:
Binary
DLL
False
Size
2.20MB
trid
33.9% Generic CIL Executable
19.9% InstallShield setup
19.2% Win32 EXE PECompact compressed
12.8% Win64 Executable
6.0% Windows screen saver
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
61bdd03b20a63bbfa97e7de839481c81
sha1
225660842561d0b695abfed58429519899190b07
crc32
0xc5764473
sha224
32de1de5e0b3d90c4d371f2e445626681be367d19da787478496de4c
sha256
28fa90ceceb302efe31d5ab83c4d2a320d5e89e40bf59770d3cc668bf627ff11
sha384
47b06afca861a0cc4fc32d5cf58aced5d4ecacf6ba9554153bfc209b1cdeafbad0bfc711f373392b24f52865b4ec2f41
sha512
cd870a1f0ede9e95d6bec5f25e9680804a663f55e19f28ed410699cf7d6e7e899f67319789afd2cc3d2bddc0e39be706ab317421accc7ed2bccaaa8e060ee9a1
ssdeep
49152:eApv78igxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+swIOTKq5:eApv55jKNOj+7
Community
Google
True
HashLib
False
YARA
Matches
IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, BASE64_table, escalate_priv, NanoCore, DebuggerException__SetConsoleCtrl, Microsoft_Visual_C_v70_Basic_NET, screenshot, spreading_share, create_service, Microsoft_Visual_Studio_NET, network_dns, cred_local, NET_executable_, network_http, win_files_operation, IsPE32, Nanocore_RAT_Gen_2, Microsoft_Visual_C_v70_Basic_NET_additional, win_hook, disable_dep, antisb_threatExpert, NET_executable, contentis_base64, network_tcp_socket, SEH__vectored, Microsoft_Visual_Studio_NET_additional, win_token, win_mutex, keylogger, NETexecutableMicrosoft, DebuggerCheck__GlobalFlags, Misc_Suspicious_Strings, migrate_apc, IsWindowsGUI, Check_Dlls, DebuggerHiding__Thread, network_udp_sock, anti_dbg, network_tcp_listen, DebuggerCheck__QueryInfo, url, android_meterpreter, IsNET_EXE, Microsoft_Visual_C_Basic_NET, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Big_Numbers5, System_Tools, create_com_service, powershell, Big_Numbers0

Suspicious
True

Strings
List

Foremost
Matches
0.exe, 203 KB
Suspicious
True
Heuristics
IPs
hasIPs: False
Allowed
Suspicious
hasAllowed: False
hasSuspicious: False

URLs
Allowed
hasURLs: False
Suspicious
hasAllowed: False
hasSuspicious: False

Files
Allowed: kernel32.dll, ntdll.dll, psapi.dll, mscoree.dll, dnsapi.dll, advapi32.dll
hasFiles: True
Suspicious
hasAllowed: True
hasSuspicious: False

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 90624
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .reloc, .rsrc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 6.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 124818
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: kernel32.dll, ntdll.dll, psapi.dll, mscoree.dll, dnsapi.dll, advapi32.dll
hasLibs: True
Suspicious
hasAllowed: True
hasSuspicious: False

Timestamp
Past: False
Valid: True
Value: 2015-02-21 22:49:37
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
pushret
.rsrc: 36
.text: 3

pushpopmath
.rsrc: 32
.text: 76

ss register
.rsrc: 1

garbagebytes
.rsrc: 15
.text: 2

hookdetection
.rsrc: 7

software breakpoint
.rsrc: 1

fakeconditionaljumps
.rsrc: 1

programcontrolflowchange
.rsrc: 14
.text: 2

cpuinstructionsresultscomparison
.text: 19

AVclass
nanocore
1
VirusTotal
md5
61bdd03b20a63bbfa97e7de839481c81
sha1
225660842561d0b695abfed58429519899190b07
SCANS
CMC
update: 20190321
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=80)
update: 20190911
version: 2018.9.12.1
detected: True

APEX
result: Malicious
update: 20190910
version: 5.62
detected: True

Bkav
result: W32.DropperFraudropK.Trojan
update: 20190910
version: 1.3.0.10239
detected: True

K7GW
result: Trojan ( 700000121 )
update: 20190910
version: 11.66.31970
detected: True

ALYac
result: Backdoor.MSIL.Agent.GD
update: 20190910
version: 1.1.1.5
detected: True

Avira
result: TR/Dropper.Gen
update: 20190910
version: 8.3.3.8
detected: True

Baidu
update: 20190318
version: 1.0.0.2
detected: False

Cyren
result: W32/NanoCore.C.gen!Eldorado
update: 20190911
version: 6.2.0.1
detected: True

DrWeb
result: Trojan.Nanocore.23
update: 20190911
version: 7.0.41.7240
detected: True

GData
result: MSIL.Backdoor.Nancat.A
update: 20190910
version: A:25.23340B:26.15999
detected: True

Panda
result: Bck/Agent.KNM
update: 20190910
version: 4.6.4.2
detected: True

VBA32
result: TScope.Trojan.MSIL
update: 20190910
version: 4.0.0
detected: True

VIPRE
result: Trojan.MSIL.NanoCore.B (fs)
update: 20190910
version: 77778
detected: True

Zoner
result: Trojan.Win32.48280
update: 20190911
version: 1.0.0.1
detected: True

ClamAV
result: Win.Trojan.Nanocore-5
update: 20190910
version: 0.101.4.0
detected: True

Comodo
result: Backdoor.MSIL.Noancooe.JDE@5s4u9t
update: 20190910
version: 31455
detected: True

F-Prot
result: W32/NanoCore.C.gen!Eldorado
update: 20190910
version: 4.7.1.166
detected: True

Ikarus
result: Backdoor.Rat.Nanocore
update: 20190910
version: 0.1.5.2
detected: True

McAfee
result: GenericRXAA-CZ!61BDD03B20A6
update: 20190910
version: 6.0.6.653
detected: True

Rising
result: Backdoor.NanoCore!1.B6F9 (CLASSIC)
update: 20190910
version: 25.0.0.24
detected: True

Sophos
result: Troj/NanoCor-BT
update: 20190911
version: 4.98.0
detected: True

Yandex
result: Trojan.Agent!F26RaVmgdrg
update: 20190910
version: 5.5.2.24
detected: True

Zillya
result: Trojan.Agent.Win32.872163
update: 20190910
version: 2.0.0.3897
detected: True

Acronis
result: suspicious
update: 20190904
version: 1.1.1.56
detected: True

Alibaba
result: Backdoor:MSIL/Agent.ab872b9a
update: 20190527
version: 0.3.0.5
detected: True

Arcabit
result: Backdoor.MSIL.Agent.GD
update: 20190910
version: 1.0.0.856
detected: True

Cylance
result: Unsafe
update: 20190911
version: 2.3.1.101
detected: True

Endgame
result: malicious (high confidence)
update: 20190819
version: 3.0.14
detected: True

FireEye
result: Generic.mg.61bdd03b20a63bbf
update: 20190910
version: 29.7.0.0
detected: True

TACHYON
update: 20190910
version: 2019-09-10.02
detected: False

Tencent
update: 20190911
version: 1.0.0.1
detected: False

ViRobot
result: Backdoor.Win32.NanoCore.Gen.A
update: 20190910
version: 2014.3.20.0
detected: True

Webroot
update: 20190911
version: 1.0.0.403
detected: False

eGambit
result: Trojan.Generic
update: 20190911
version: v5.0.5
detected: True

Ad-Aware
result: Backdoor.MSIL.Agent.GD
update: 20190910
version: 3.0.5.370
detected: True

AegisLab
result: Trojan.Win32.Generic.mhUN
update: 20190910
version: 4.2
detected: True

Emsisoft
result: Backdoor.MSIL.Agent.GD (B)
update: 20190911
version: 2018.12.0.1641
detected: True

F-Secure
result: Trojan.TR/Dropper.Gen
update: 20190910
version: 12.0.86.52
detected: True

Fortinet
result: W32/Generic.AC.A0C!tr
update: 20190910
version: 5.4.247.0
detected: True

Invincea
result: heuristic
update: 20190904
version: 6.3.6.26157
detected: True

Jiangmin
result: Backdoor.Generic.zwu
update: 20190911
version: 16.0.100
detected: True

Kingsoft
update: 20190911
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20190911
version: 1.0
detected: True

Symantec
result: Trojan.Nancrat
update: 20190910
version: 1.10.0.0
detected: True

Trapmine
result: malicious.high.ml.score
update: 20190826
version: 3.1.81.800
detected: True

AhnLab-V3
result: Win-Trojan/Nanocore.Exp
update: 20190910
version: 3.16.1.25089
detected: True

Antiy-AVL
result: Trojan[Backdoor]/Win32.AGeneric
update: 20190910
version: 3.0.0.1
detected: True

Kaspersky
result: Trojan.MSIL.Agent.fpar
update: 20190910
version: 15.0.1.13
detected: True

MaxSecure
update: 20190909
version: 1.0.0.1
detected: False

Microsoft
result: Backdoor:MSIL/Noancooe.A
update: 20190910
version: 1.1.16300.1
detected: True

Qihoo-360
result: Win32/Trojan.f3a
update: 20190911
version: 1.0.0.1120
detected: True

ZoneAlarm
result: Trojan.MSIL.Agent.fpar
update: 20190910
version: 1.0
detected: True

Cybereason
result: malicious.b20a63
update: 20190616
version: 1.2.449
detected: True

ESET-NOD32
result: MSIL/NanoCore.E
update: 20190910
version: 19995
detected: True

TrendMicro
result: Backdoor.MSIL.NANOCORE.SMIL
update: 20190910
version: 11.0.0.1006
detected: True

BitDefender
result: Backdoor.MSIL.Agent.GD
update: 20190910
version: 7.2
detected: True

CrowdStrike
result: win/malicious_confidence_100% (W)
update: 20190702
version: 1.0
detected: True

K7AntiVirus
result: Trojan ( 700000121 )
update: 20190910
version: 11.66.31969
detected: True

SentinelOne
result: DFI - Malicious PE
update: 20190807
version: 1.0.31.22
detected: True

Avast-Mobile
update: 20190910
version: 190910-00
detected: False

Malwarebytes
result: Backdoor.NanoCore
update: 20190910
version: 2.1.1.1115
detected: True

TotalDefense
update: 20190910
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.MsilFC.S6053545
update: 20190909
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.Dwn.edxxmu
update: 20190910
version: 1.0.134.24859
detected: True

MicroWorld-eScan
result: Backdoor.MSIL.Agent.GD
update: 20190910
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20190906
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: BehavesLike.Win32.Generic.vh
update: 20190910
version: v2017.3010
detected: True

TrendMicro-HouseCall
result: Backdoor.MSIL.NANOCORE.SMIL
update: 20190911
version: 10.0.0.1040
detected: True

total
69
sha256
28fa90ceceb302efe31d5ab83c4d2a320d5e89e40bf59770d3cc668bf627ff11
scan_id
28fa90ceceb302efe31d5ab83c4d2a320d5e89e40bf59770d3cc668bf627ff11-1568157571
resource
61bdd03b20a63bbfa97e7de839481c81
positives
59
scan_date
2019-09-10 23:19:31
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:45:45.340Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\
19/10/2019 - 2:45:45.340Unknown1480C:\malware.exeC:\
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\Monitor
19/10/2019 - 2:45:45.340Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:45:45.340Unknown1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:45:45.340Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 2:45:45.340Open1480C:\malware.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Open1480C:\malware.exeC:\Windows\SysWOW64\l_intl.nls
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/10/2019 - 2:45:45.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
19/10/2019 - 2:45:45.387Open1480C:\malware.exeC:\malware.exe.config
19/10/2019 - 2:45:45.387Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:45:45.387Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:45:45.387Open1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:45:45.387Unknown1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:45.387Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:45:45.387Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:45:45.387Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
19/10/2019 - 2:45:45.387Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
19/10/2019 - 2:45:45.403Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 2:45:45.403Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:45:45.403Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:45:45.403Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:45:45.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 2:45:45.403Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:45.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
19/10/2019 - 2:45:45.403Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.403Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:45.418Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:45.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:46.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:46.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
19/10/2019 - 2:45:46.325Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
19/10/2019 - 2:45:46.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:46.981Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 2:45:47.75Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
19/10/2019 - 2:45:47.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:47.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:47.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:47.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:47.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:47.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:47.372Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 2:45:47.465Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 2:45:47.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:47.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:47.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:47.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:47.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:47.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:47.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:47.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:47.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:47.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:47.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:48.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:48.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:48.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:48.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:48.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:48.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 2:45:49.12Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 2:45:49.200Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
19/10/2019 - 2:45:49.200Open1480C:\malware.exeC:\malware.exe.Local
19/10/2019 - 2:45:49.200Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 2:45:49.200Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 2:45:49.200Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 2:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:49.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:49.200Open1480C:\malware.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 2:45:49.200Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 2:45:49.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 2:45:49.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 2:45:49.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.778Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.825Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
19/10/2019 - 2:45:49.825Open1480C:\malware.exeC:\VERSION.dll
19/10/2019 - 2:45:49.825Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 2:45:49.825Open1480C:\malware.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 2:45:49.825Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
19/10/2019 - 2:45:49.825Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.825Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.872Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
19/10/2019 - 2:45:49.872Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.872Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:49.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:49.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:50.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:50.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:50.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:50.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:50.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:50.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:51.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:51.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:51.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:51.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:51.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:51.418Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
19/10/2019 - 2:45:51.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:51.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:51.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:52.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:52.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:52.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:52.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:52.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:52.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
19/10/2019 - 2:45:53.559Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
19/10/2019 - 2:45:53.606Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
19/10/2019 - 2:45:53.653Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
19/10/2019 - 2:45:53.700Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
19/10/2019 - 2:45:53.747Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
19/10/2019 - 2:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.793Open1480C:\malware.exeC:\dwmapi.dll
19/10/2019 - 2:45:53.793Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 2:45:53.793Open1480C:\malware.exeC:\Windows\SysWOW64\dwmapi.dll
19/10/2019 - 2:45:53.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:53.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:53.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:53.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:54.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:54.137Open1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:45:54.137Unknown1480C:\malware.exeC:\Monitor
19/10/2019 - 2:45:54.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.340Open1480C:\malware.exeC:\CRYPTSP.dll
19/10/2019 - 2:45:54.340Open1480C:\malware.exeC:\Windows\SysWOW64\cryptsp.dll
19/10/2019 - 2:45:54.340Open1480C:\malware.exeC:\Windows\SysWOW64\rsaenh.dll
19/10/2019 - 2:45:54.340Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 2:45:54.340Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
19/10/2019 - 2:45:54.340Open1480C:\malware.exeC:\bcrypt.dll
19/10/2019 - 2:45:54.340Open1480C:\malware.exeC:\Windows\SysWOW64\bcrypt.dll
19/10/2019 - 2:45:54.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:54.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:54.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:54.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:54.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:55.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:55.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:55.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:55.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:55.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:55.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
19/10/2019 - 2:45:55.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:55.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:55.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:56.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:56.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:56.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:56.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:56.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:56.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:57.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:57.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:57.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:57.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:57.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:57.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:57.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
19/10/2019 - 2:45:57.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:57.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:58.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.122Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:45:59.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.262Open1480C:\malware.exeC:\shfolder.dll
19/10/2019 - 2:45:59.262Open1480C:\malware.exeC:\Windows\SysWOW64\shfolder.dll
19/10/2019 - 2:45:59.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C
19/10/2019 - 2:45:59.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 2:45:59.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming
19/10/2019 - 2:45:59.497Open1480C:\malware.exeC:\Users\Behemot\AppData
19/10/2019 - 2:45:59.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData
19/10/2019 - 2:45:59.497Open1480C:\malware.exeC:\Users\Behemot
19/10/2019 - 2:45:59.497Unknown1480C:\malware.exeC:\Users\Behemot
19/10/2019 - 2:45:59.497Open1480C:\malware.exeC:\Users
19/10/2019 - 2:45:59.497Unknown1480C:\malware.exeC:\Users
19/10/2019 - 2:45:59.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C
19/10/2019 - 2:45:59.497Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C
19/10/2019 - 2:45:59.497Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C\run.dat
19/10/2019 - 2:45:59.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.543Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C\run.dat
19/10/2019 - 2:45:59.543Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C\run.dat
19/10/2019 - 2:45:59.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.590Open1480C:\malware.exeC:\Program Files (x86)
19/10/2019 - 2:45:59.590Unknown1480C:\malware.exeC:\Program Files (x86)
19/10/2019 - 2:45:59.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:59.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:45:59.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.778Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C\Exceptions\1.2.2.0
19/10/2019 - 2:45:59.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:45:59.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:0.12Open1480C:\malware.exeC:\Program Files (x86)\UPNP Manager
19/10/2019 - 2:46:0.12Open1480C:\malware.exeC:\Program Files (x86)
19/10/2019 - 2:46:0.12Unknown1480C:\malware.exeC:\Program Files (x86)
19/10/2019 - 2:46:0.12Open1480C:\malware.exeC:\Program Files (x86)\UPNP Manager
19/10/2019 - 2:46:0.12Unknown1480C:\malware.exeC:\Program Files (x86)\UPNP Manager
19/10/2019 - 2:46:0.12Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:46:0.59Open1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:0.106Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:0.106Unknown1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:0.106Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:0.106Open1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.106Unknown1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.106Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:0.106Write1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.106Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:0.106Write1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.106Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:0.106Write1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.106Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:0.106Write1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.106Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:0.106Write1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.106Unknown1480C:\malware.exeC:\Program Files (x86)\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:0.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:0.200Unknown1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
19/10/2019 - 2:46:0.200Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
19/10/2019 - 2:46:0.340Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
19/10/2019 - 2:46:0.434Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C\UPNP Manager\upnpmgr.exe
19/10/2019 - 2:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:0.575Open1480C:\malware.exeC:\Windows\Globalization\en-us.nlp
19/10/2019 - 2:46:0.575Open1480C:\malware.exeC:\malware.exe.config
19/10/2019 - 2:46:0.622Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 2:46:0.622Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 2:46:0.715Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 2:46:0.715Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 2:46:0.809Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:0.809Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 2:46:0.809Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:0.856Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:0.903Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:0.950Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:0.997Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:1.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 2:46:1.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
19/10/2019 - 2:46:1.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 2:46:1.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 2:46:1.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:1.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
19/10/2019 - 2:46:1.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:1.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:1.43Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:1.90Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:1.137Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:46:1.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:1.231Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
19/10/2019 - 2:46:1.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:1.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:1.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:1.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:1.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:1.684Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 2:46:1.731Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:1.731Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 2:46:1.731Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:1.778Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:1.825Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:1.872Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:1.918Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:1.965Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
19/10/2019 - 2:46:1.965Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:1.965Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.12Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.59Open1480C:\malware.exeC:\malware.exe.Local
19/10/2019 - 2:46:2.59Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 2:46:2.59Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 2:46:2.59Open1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
19/10/2019 - 2:46:2.59Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.59Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.106Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.153Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.200Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.247Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.293Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.340Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
19/10/2019 - 2:46:2.340Open1480C:\malware.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dlldiasymreader.dll
19/10/2019 - 2:46:2.340Open1480C:\malware.exeC:\Windows\symbols\dll\mscorlib.pdb
19/10/2019 - 2:46:2.340Open1480C:\malware.exeC:\Windows\dll\mscorlib.pdb
19/10/2019 - 2:46:2.340Open1480C:\malware.exeC:\Windows\mscorlib.pdb
19/10/2019 - 2:46:2.340Open1480C:\malware.exeC:\malware.PDB
19/10/2019 - 2:46:2.340Open1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\malware.exe
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dllmscorlib.resources.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 2:46:2.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 2:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:2.387Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:2.387Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:2.387Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:2.903Open1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:46:2.903Unknown1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:46:2.903Open1480C:\malware.exeC:\schtasks.exe
19/10/2019 - 2:46:2.903Open1480C:\malware.exeC:\schtasks.exe
19/10/2019 - 2:46:2.903Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:2.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:2.950Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:3.137Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\
19/10/2019 - 2:46:3.137Unknown1480C:\malware.exeC:\
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows
19/10/2019 - 2:46:3.137Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:3.137Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:3.137Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.137Read1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.137Read1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.137Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 2:46:3.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:3.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:3.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows
19/10/2019 - 2:46:3.184Unknown344C:\Windows\SysWOW64\schtasks.exeC:\Windows
19/10/2019 - 2:46:3.184Open344C:\Windows\SysWOW64\schtasks.exeC:\Monitor\Malware
19/10/2019 - 2:46:3.325Open1480C:\malware.exeC:\RpcRtRemote.dll
19/10/2019 - 2:46:3.325Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
19/10/2019 - 2:46:3.325Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
19/10/2019 - 2:46:3.325Open1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dll
19/10/2019 - 2:46:3.325Unknown1480C:\malware.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
19/10/2019 - 2:46:3.372Read344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.372Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 2:46:3.372Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
19/10/2019 - 2:46:3.372Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
19/10/2019 - 2:46:3.372Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
19/10/2019 - 2:46:3.418Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 2:46:3.418Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 2:46:3.418Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 2:46:3.418Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 2:46:3.418Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 2:46:3.418Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
19/10/2019 - 2:46:3.418Read344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
19/10/2019 - 2:46:3.465Unknown344C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 2:46:3.465Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
19/10/2019 - 2:46:3.668Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
19/10/2019 - 2:46:3.668Open344C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
19/10/2019 - 2:46:4.278Open344C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:4.278Read344C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:4.278Read344C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:4.278Unknown344C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:5.715Unknown344C:\Windows\SysWOW64\schtasks.exeC:\Windows
19/10/2019 - 2:46:5.715Unknown344C:\Windows\SysWOW64\schtasks.exeC:\Monitor\Malware
19/10/2019 - 2:46:5.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:5.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Monitor\Files\DeletedFiles
19/10/2019 - 2:46:5.872Delete1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp4D61.tmp
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C\task.dat
19/10/2019 - 2:46:5.872Write1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\FA25E266-6D0F-4DE2-813A-BF4374E0628C\task.dat
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp5AFF.tmp
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp5AFF.tmp
19/10/2019 - 2:46:5.872Write1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp5AFF.tmp
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Temp\tmp5AFF.tmp
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\Monitor\Malware
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\schtasks.exe
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\schtasks.exe
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\Windows
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.872Unknown1480C:\malware.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:5.872Read1480C:\malware.exeC:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:5.872Open1480C:\malware.exeC:\Windows\SysWOW64\ui\SwDRM.dll
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
19/10/2019 - 2:46:5.934Read2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pfSCHTASKS.EXE-AD598958.pf
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pfSCHTASKS.EXE-AD598958.pf
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exe\Device\HarddiskVolume2
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Users
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\ntdll.dll
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 2:46:5.934Unknown2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
19/10/2019 - 2:46:5.934Open2196C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\kernel32.dll
19/10/2019 - 2:46:11.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 2:46:11.559Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089
19/10/2019 - 2:46:11.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:11.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 2:46:11.934Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:11.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 2:46:11.934Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:11.934Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
19/10/2019 - 2:46:11.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:11.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:12.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:12.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:12.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:12.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:12.215Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:12.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:12.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:12.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:12.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:12.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:12.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:12.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:12.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:12.309Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
19/10/2019 - 2:46:12.309Open1480C:\malware.exeC:\malware.exe.config
19/10/2019 - 2:46:12.309Open1480C:\malware.exeC:\malware.exe.config
19/10/2019 - 2:46:12.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:12.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:12.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:12.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:12.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:12.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:12.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:12.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dllSystem.Configuration.ni.dll
19/10/2019 - 2:46:12.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:12.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:12.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:12.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:12.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll
19/10/2019 - 2:46:13.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:13.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:15.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:15.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:15.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:15.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
19/10/2019 - 2:46:15.887Open1480C:\malware.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
19/10/2019 - 2:46:15.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
19/10/2019 - 2:46:15.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dllSystem.Xml.ni.dll

Process
Trace
19/10/2019 - 2:46:3.137 | Create | 1480 | C:\malware.exe | 344 | C:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:5.715 | Terminate | 1480 | C:\malware.exe | 344 | C:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:5.872 | Create | 1480 | C:\malware.exe | 2196 | C:\Windows\SysWOW64\schtasks.exe
19/10/2019 - 2:46:7.731 | Terminate | 1480 | C:\malware.exe | 2196 | C:\Windows\SysWOW64\schtasks.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
19/10/2019 - 2:46:0.153 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | UPNP Manager

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
True

UDP
False

HTTP
False

Results
KNN (K=3, NFS-BRMalware)
confidence: 100.00%
suspicious: False
Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True
SVC (Kernel=Linear, NFS-BRMalware)
confidence: 74.78%
suspicious: False
Random Forest (100 estimators, NFS-BRMalware)
confidence: 65.00%
suspicious: True