Report #7736

  • Creation Date: Feb. 28, 2020, 1:06 p.m.
  • Last Update: Feb. 28, 2020, 1:21 p.m.
  • File: 1205_f3_all.gif.exe
  • Results:
Binary
DLL
False
Size
2.21MB
trid
55.8% Generic CIL Executable
21.0% Win64 Executable
9.9% Windows screen saver
5.0% Win32 Dynamic Link Library
3.4% Win32 Executable
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
9e0f941da600bb73757199abd6099a73
sha1
01791eaa75d6816fc5612b6779b8ac45194d7ace
crc32
0x26c31b00
sha224
9c0acc17f72f79d19db3940b8943b8746cb1b12fbf374d5aaaf49325
sha256
8e091d99930d50a29f00c88d84037a6568e20d583192e16bff0a78bebfe2b35d
sha384
51275fdabd3158500b94f54fcbe3bf4a7152096726c0f6f8325999665138e32398375cf0d0070b3104a9d3eccfe230cb
sha512
3da71b1decadd8b6a363f5eebb022fb2e499f38f392a6750faa40d4e01c5b6e3f8f30bd0c6ed05729b878f4d1074a9bd053edd4471bda291f5da402821e05b5a
ssdeep
49152:gNWUENzNdV54hVCc56Chhkx3EX+YGkcAVpJ8VpJ:Pv54hM4TV4V
Community
Google
False
HashLib
False
YARA
Matches
domain, dotfuscator, BASE64_table, RIPEMD160_Constants, Microsoft_Visual_C_v70_Basic_NET, Prime_Constants_long, Microsoft_Visual_Studio_NET, network_dns, NET_executable_, IsPE32, Microsoft_Visual_C_v70_Basic_NET_additional, NET_executable, Microsoft_Visual_Studio_NET_additional, IP, contentis_base64, NETexecutableMicrosoft, IsWindowsGUI, SHA512_Constants, network_tcp_listen, url, SHA1_Constants, android_meterpreter, IsNET_EXE, Microsoft_Visual_C_Basic_NET, win_registry, Browsers, MD5_Constants, System_Tools

Suspicious
True

Strings
List
http://www.telerik.com/support/whats-new/fiddler/release-history/fiddler-v2.x
, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
https://fiddler2.com/
fRetrieves the complete URI, including protocol/scheme, in the form http://www.host.com/filepath?query.
BFiddler's Preferences collection. http://fiddler.wikidot.com/prefs
http://fiddler2.com/r/?
http://fiddler2.com/fiddlercore/
!WARNING: System proxy was configured to use a file-protocol sourced script ({0}). Proxy scripts delivered by the file protocol are not supported by many clients. Please see http://blogs.msdn.com/b/ieinternals/archive/2013/10/11/web-proxy-configuration-and-ie11-changes.aspx for more information.
Please install the latest version of Fiddler from http://getfiddler.com.
http://www.fiddlerbook.com/r/?shop
) Session Archive. See http://fiddler2.com
[HTTPLint Warning] Response sets a cookie, and server's hostname contains '_'. Internet Explorer does not permit cookies to be set on hostnames containing underscores. See http://support.microsoft.com/kb/316112
http://www.x.com
Tamir.SharpSsh.java
Tamir.SharpSsh.java.io
fiddler2.com
Unrecognized cipher - See http://www.iana.org/assignments/tls-parameters/
Unrecognized cipher [0x{0:X4}] - See http://www.iana.org/assignments/tls-parameters/
http://www.telerik.com/UpdateCheck.aspx?isBeta=
Tamir.SharpSsh.java.net
caixaaqui.gov.br
fiddler.network.dns.MaxAddressCount
fiddler.network.dns.ResolveOnionHosts
fiddler.network.dns.fallback
www2.bancobrasil.com.br
fiddler.config.path.Tools
Tamir.SharpSsh.java.util
c:\Program Files (x86)\Mozilla Firefox\firefox.exe
Tamir.SharpSsh.java.lang
c:\Program Files\Mozilla Firefox\firefox.exe
keepalive@jcraft.com
System.Security
Org.BouncyCastle.Utilities.IO
fiddler.network
Org.BouncyCastle.Utilities.Net
ClientConnected: {0:HH:mm:ss.fff}, ClientBeginRequest: {1:HH:mm:ss.fff}, GotRequestHeaders: {2:HH:mm:ss.fff}, ClientDoneRequest: {3:HH:mm:ss.fff}, Determine Gateway: {4,0}ms, DNS Lookup: {5,0}ms, TCP/IP Connect: {6,0}ms, HTTPS Handshake: {7,0}ms, ServerConnected: {8:HH:mm:ss.fff},FiddlerBeginRequest: {9:HH:mm:ss.fff}, ServerGotRequest: {10:HH:mm:ss.fff}, ServerBeginResponse: {11:HH:mm:ss.fff}, GotResponseHeaders: {12:HH:mm:ss.fff}, ServerDoneResponse: {13:HH:mm:ss.fff}, ClientBeginResponse: {14:HH:mm:ss.fff}, ClientDoneResponse: {15:HH:mm:ss.fff}{16}
qGets or sets the URL (without protocol) being requested from the server, in the form www.host.com/filepath?query.
System.Net.Security
Org.BouncyCastle.Security
Delete all permanent WinINET cookies for sHost; won't clear memory-only session cookies. Supports hostnames with an optional leading wildcard, e.g. *example.com. NOTE: Will not work on VistaIE Protected Mode cookies.
fiddler.network.auth.reusemode
fiddler.network.timeouts.serverpipe.send.reuse
NNYYrr.Properties
fiddler.network.timeouts.serverpipe.send.initial
Hostnames ending in '.onion' cannot be resolved by DNS. You must send this request through a TOR gateway, e.g. oSession["X-OverrideGateway"] = "socks=127.0.0.1:9150";
System.IO
System.Net
Fiddler.Network.ProxyPAC> PAC Script download failure; Fiddler only supports HTTP/HTTPS for PAC script URLs.
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
127.0.0.1:8888
loginmpe.bb
loginpfe.bb
MakeCert.pdb
MakeCert.pdb
Org.BouncyCastle.Utilities.Date
Org.BouncyCastle.Crypto.IO
fiddler.ftp.AlwaysDemandCredentials
Fiddler.Network.ProxyPAC> PAC Script contents were not valid.
fiddler.network.https.NoDecryptionHosts
Session.run: CHANNEL OPEN
fiddler.network.clientpipereuse> Closing client socket since bReuseClientSocket was false after returning [{0}]
Org.BouncyCastle.X509.Store
fiddler.network.https> HTTPS handshake to {0} failed. {1}
fiddler.network.https.cacheclientcert
Org.BouncyCastle.Asn1.Ntt
fiddler.ftp.UseBinary
Session.run: unsupported type
fiddler.network.https.requestclientcertificate
fiddler.ftp.UsePassive
fiddler.network.https.storeservercertchain
# ChannelSession.run
fiddler.network.https.blindtunnelifcertunobtainable
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
fiddler.network.connect2> Unexpected response from upstream gateway {0}
fiddler.network.readresponse.failure> Session #{0} was aborted {1}
3http://crl.microsoft.com/pki/crl/products/tspca.crl0H
3http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
3http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
3http://crl.microsoft.com/pki/crl/products/tspca.crl0H
fiddler.network.https.clientcertificate>AttachClientCertificate {0} - {1}, {2} local certs, {3} acceptable issuers.
fiddler.network.leakhttp1xx
Fiddler.Network.TCPTable> Unable to call IPHelperAPI function: {0}
,http://www.microsoft.com/pki/certs/CSPCA.crt0
,http://www.microsoft.com/pki/certs/CSPCA.crt0
,http://www.microsoft.com/pki/certs/tspca.crt0
,http://www.microsoft.com/pki/certs/tspca.crt0
fiddler.network.readresponse.failure> FTPSession #{0} raised exception: {1}
Tamir.SharpSsh.jsch.jce.HMACMD596
Tamir.SharpSsh.jsch.jce.SignatureDSA
Tamir.SharpSsh.jsch.jce.SignatureRSA
fiddler.network.timeouts.dnscache
fiddler.network.streaming> Streaming of HTTP/1xx headers from #{0} to client failed: {1}
Tamir.SharpSsh.jsch.jce.HMACMD5
Tamir.SharpSsh.jsch.jce
Tamir.SharpSsh.jsch
<html><body>Request for httpS://localhost:
fiddler.network.https.checkcertificaterevocation
fiddler.network.https.clientcertificate.ephemeral.prompt-for-missing
signature.rsa
fiddler.network.gateway.connect>Connection to {0} failed. {1}. Will try DNS Failover if available.

Foremost
Matches
0.exe, 2 MB, 4509.png, 456 B
Suspicious
True
Heuristics
IPs
hasIPs: True
hasAllowed: True
hasSuspicious: True

URLs
Allowed: http://crl.microsoft.com/pki/crl/products/cspca.crl0h, http://www.w3.org/2001/xmlschema-instance, http://crl.microsoft.com/pki/crl/products/tspca.crl0h, http://www.microsoft.com/pki/certs/cspca.crt0, http://www.microsoft.com/pki/certs/tspca.crt0, http://microsoft.com0, http://support.microsoft.com/kb/316112
hasURLs: True
Suspicious: http://www.host.com/filepath?query., http://www.x.com, http://fiddler.wikidot.com/prefs, http://blogs.msdn.com/b/ieinternals/archive/2013/10/11/web-proxy-configuration-and-ie11-changes.aspx, http://fiddler2.com/r/?, http://, http://www.telerik.com/support/whats-new/fiddler/release-history/fiddler-v2.x, https://fiddler2.com/, file://, http://www.telerik.com/updatecheck.aspx?isbeta=, file:///, http://getfiddler.com., ftp://, http://www.fiddler2.com, http://fiddler2.com, https://, http://www.fiddlerbook.com/r/?shop, http://www.iana.org/assignments/tls-parameters/, http://fiddler2.com/fiddlercore/
hasAllowed: True
hasSuspicious: True

Files
Allowed: CertMaker.dll, *.dll, bklcom.dll, Fiddler*.dll, ADVAPI32.dll, winhttp.dll, OLEAUT32.dll, CRYPT32.dll, RPCRT4.dll, shlwapi.dll, MSSIGN32.dll, wininet.dll, user32.dll, msvcrt.dll, mscoree.dll, ole32.dll, urlmon.dll, KERNEL32.dll, winmm.dll, iphlpapi.dll, rasapi32.dll, shell32.dll
hasFiles: True
Suspicious: AutoResponder.xml, _m.xml, System.Xml, _s.txt, \c.txt, _c.txt, {0}_Status{1}.txt, _w.txt
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 4096
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 512
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 0
Suspicious: True

Sections
Allowed: .text, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 4
Suspicious: False
Image
Version: True
Suspicious: 4
Linker
Version: 8.0
Suspicious: False
Subsystem
Version: 4.0
Suspicious: False
Suspicious: False

EntryPoint
Address: 2321678
Suspicious: False

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True

Libraries
Allowed: advapi32.dll, winhttp.dll, oleaut32.dll, crypt32.dll, rpcrt4.dll, shlwapi.dll, mssign32.dll, wininet.dll, user32.dll, msvcrt.dll, mscoree.dll, ole32.dll, urlmon.dll, kernel32.dll, winmm.dll, rasapi32.dll, shell32.dll
hasLibs: True
Suspicious: certmaker.dll, *.dll, bklcom.dll, fiddler*.dll, iphlpapi.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2015-05-12 16:22:39
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation
XOR: True
Fuzzing: True

PEDetector
Matches
2196642, 2252278
Suspicious
True
Disassembly
hasTricks
True
Tricks
pushret
.text: 48

pushpopmath
.text: 423

ss register
.text: 10

garbagebytes
.text: 26

hookdetection
.text: 3

software breakpoint
.text: 13

fakeconditionaljumps
.text: 1

programcontrolflowchange
.text: 25

cpuinstructionsresultscomparison
.text: 3226

AVclass
ircbot
1
VirusTotal
md5
9e0f941da600bb73757199abd6099a73
sha1
01791eaa75d6816fc5612b6779b8ac45194d7ace
SCANS (DETECTION RATE = 73.13%)
AVG
result: MSIL:Banker-AB [Trj]
update: 20180325
version: 18.2.3827.0
detected: True

CMC
update: 20180324
version: 1.1.0.977
detected: False

MAX
result: malware (ai score=100)
update: 20180325
version: 2017.11.15.1
detected: True

Bkav
update: 20180325
version: 1.3.0.9466
detected: False

K7GW
result: Riskware ( 0040eff71 )
update: 20180325
version: 10.42.26601
detected: True

ALYac
result: Gen:Variant.Zusy.150564
update: 20180325
version: 1.1.1.5
detected: True

Avast
result: MSIL:Banker-AB [Trj]
update: 20180325
version: 18.2.3827.0
detected: True

Avira
result: TR/Agent.2318336.42
update: 20180324
version: 8.3.3.6
detected: True

Baidu
result: Win32.Trojan.WisdomEyes.16070401.9500.9792
update: 20180323
version: 1.0.0.2
detected: True

Cyren
result: W32/Trojan.LLYH-9047
update: 20180325
version: 5.4.30.7
detected: True

DrWeb
result: Trojan.DownLoader13.55942
update: 20180325
version: 7.0.28.2020
detected: True

GData
result: Gen:Variant.Zusy.150564
update: 20180325
version: A:25.16495B:25.11872
detected: True

Panda
result: Trj/CI.A
update: 20180324
version: 4.6.4.2
detected: True

VBA32
result: TScope.Trojan.MSIL
update: 20180323
version: 3.12.28.0
detected: True

VIPRE
result: Backdoor.IRCBot
update: 20180325
version: 65508
detected: True

Zoner
update: 20180325
version: 1.0
detected: False

AVware
result: Backdoor.IRCBot
update: 20180325
version: 1.5.0.42
detected: True

ClamAV
result: Win.Trojan.Gnarly-3
update: 20180325
version: 0.99.2.0
detected: True

Comodo
update: 20180325
detected: False

F-Prot
update: 20180325
version: 4.7.1.166
detected: False

Ikarus
result: Trojan.Win32.IRCBot
update: 20180324
version: 0.1.5.2
detected: True

McAfee
result: Artemis!9E0F941DA600
update: 20180325
version: 6.0.6.653
detected: True

Rising
result: Spyware.Banker!8.8D (TFE:C:sXF8Ri4zcT)
update: 20180325
version: 25.0.0.1
detected: True

Sophos
result: Mal/Generic-S
update: 20180325
version: 4.98.0
detected: True

Yandex
result: Trojan.IRCbot!sNBMusSkXpQ
update: 20180324
version: 5.5.1.3
detected: True

Zillya
result: Trojan.IRCBot.Win32.7451
update: 20180323
version: 2.0.0.3519
detected: True

Arcabit
result: Trojan.Zusy.D24C24
update: 20180325
version: 1.0.0.831
detected: True

Cylance
result: Unsafe
update: 20180325
version: 2.3.1.101
detected: True

Endgame
update: 20180316
version: 2.0.5
detected: False

Tencent
result: Win32.Trojan.Generic.Htvz
update: 20180325
version: 1.0.0.1
detected: True

ViRobot
update: 20180324
version: 2014.3.20.0
detected: False

eGambit
update: 20180325
version: v4.3.5
detected: False

Ad-Aware
result: Gen:Variant.Zusy.150564
update: 20180325
version: 3.0.3.1010
detected: True

AegisLab
result: Troj.W32.IRCbot.fsx!c
update: 20180325
version: 4.2
detected: True

Emsisoft
result: Gen:Variant.Zusy.150564 (B)
update: 20180325
version: 4.0.2.899
detected: True

F-Secure
result: Gen:Variant.Zusy.150564
update: 20180325
version: 11.0.19100.45
detected: True

Fortinet
result: MSIL/Banker.CR!tr.spy
update: 20180325
version: 5.4.247.0
detected: True

Invincea
update: 20180121
version: 6.3.4.26036
detected: False

Jiangmin
update: 20180325
version: 16.0.100
detected: False

Kingsoft
update: 20180325
version: 2013.8.14.323
detected: False

Paloalto
result: generic.ml
update: 20180325
version: 1.0
detected: True

Symantec
result: Trojan.Gen
update: 20180324
version: 1.5.0.0
detected: True

nProtect
update: 20180325
version: 2018-03-25.01
detected: False

AhnLab-V3
result: Malware/Win32.Generic.R158782
update: 20180324
version: 3.12.0.20130
detected: True

Antiy-AVL
result: Trojan/Win32.IRCbot
update: 20180325
version: 3.0.0.1
detected: True

Kaspersky
result: HEUR:Trojan.Win32.Generic
update: 20180325
version: 15.0.1.13
detected: True

Microsoft
result: TrojanProxy:MSIL/Mictanort.A
update: 20180325
version: 1.1.14600.4
detected: True

Qihoo-360
result: HEUR/QVM03.0.Malware.Gen
update: 20180325
version: 1.0.0.1120
detected: True

TheHacker
update: 20180319
version: 6.8.0.5.2551
detected: False

ZoneAlarm
result: HEUR:Trojan.Win32.Generic
update: 20180325
version: 1.0
detected: True

Cybereason
result: malicious.da600b
update: 20180225
version: 1.2.27
detected: True

ESET-NOD32
result: a variant of MSIL/Spy.Banker.CR
update: 20180325
version: 17111
detected: True

TrendMicro
result: TROJ_GEN.R002C0DBF18
update: 20180325
version: 9.862.0.1074
detected: True

WhiteArmor
update: 20180324
detected: False

BitDefender
result: Gen:Variant.Zusy.150564
update: 20180325
version: 7.2
detected: True

CrowdStrike
result: malicious_confidence_80% (W)
update: 20170201
version: 1.0
detected: True

K7AntiVirus
result: Riskware ( 0040eff71 )
update: 20180325
version: 10.42.26601
detected: True

SentinelOne
update: 20180225
version: 1.0.15.206
detected: False

Avast-Mobile
update: 20180324
version: 180324-00
detected: False

Malwarebytes
result: Backdoor.IRCBot.AAH
update: 20180325
version: 2.1.1.1115
detected: True

TotalDefense
update: 20180325
version: 37.1.62.1
detected: False

CAT-QuickHeal
result: Trojan.Niviol.Generic.FC.1882
update: 20180324
version: 14.00
detected: True

NANO-Antivirus
result: Trojan.Win32.IRCbot.dsfgfz
update: 20180325
version: 1.0.100.22043
detected: True

MicroWorld-eScan
result: Gen:Variant.Zusy.150564
update: 20180325
version: 14.0.297.0
detected: True

SUPERAntiSpyware
update: 20180325
version: 5.6.0.1032
detected: False

McAfee-GW-Edition
result: Artemis!Trojan
update: 20180324
version: v2015
detected: True

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DBF18
update: 20180325
version: 9.950.0.1006
detected: True

total
67
sha256
8e091d99930d50a29f00c88d84037a6568e20d583192e16bff0a78bebfe2b35d
scan_id
8e091d99930d50a29f00c88d84037a6568e20d583192e16bff0a78bebfe2b35d-1521959219
resource
9e0f941da600bb73757199abd6099a73
positives
49
scan_date
2018-03-25 06:26:59
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
28/2/2020 - 12:45:46.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:46.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:46.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.75Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.122Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.168Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.215Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.262Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.309Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.356Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.403Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:47.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\ole32.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\Windows\System32\rpcss.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\CRYPTBASE.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\Windows\System32\cryptbase.dll
28/2/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\Windows\System32\cryptbase.dll
28/2/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Windows\System32\cryptbase.dllcryptbase.dll
28/2/2020 - 12:45:48.153Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 12:45:48.153Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 12:45:48.200Open1480C:\malware.exeC:\malware.config
28/2/2020 - 12:45:48.200Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 12:45:48.200Unknown1480C:\malware.exeC:\malware.exe
28/2/2020 - 12:45:48.247Open1480C:\malware.exeC:\Monitor\Malware
28/2/2020 - 12:45:48.247Unknown1480C:\malware.exeC:\Monitor\Malware
28/2/2020 - 12:45:48.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:48.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:49.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:49.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:49.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:49.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:49.512Open1480C:\malware.exeC:\Windows\System32\l_intl.nls
28/2/2020 - 12:45:49.606Open1480C:\malware.exeC:\malware.exe
28/2/2020 - 12:45:49.606Unknown1480C:\malware.exeC:\malware.exe
28/2/2020 - 12:45:49.840Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
28/2/2020 - 12:45:49.887Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
28/2/2020 - 12:45:50.28Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
28/2/2020 - 12:45:50.28Open1480C:\malware.exeC:\malware.exe.Local
28/2/2020 - 12:45:50.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 12:45:50.28Unknown1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 12:45:50.28Open1480C:\malware.exeC:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6
28/2/2020 - 12:45:50.43Open1480C:\malware.exeC:\Windows\assembly\pubpol4.dat
28/2/2020 - 12:45:50.43Open1480C:\malware.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
28/2/2020 - 12:45:50.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
28/2/2020 - 12:45:50.43Unknown1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 12:45:50.43Open1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.configmachine.config
28/2/2020 - 12:45:50.43Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
28/2/2020 - 12:45:50.43Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
28/2/2020 - 12:45:50.43Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.450Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.497Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.543Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:50.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:50.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:51.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:51.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:52.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:52.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:52.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:52.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:52.606Open1480C:\malware.exeC:\Windows\Globalization\pt-br.nlp
28/2/2020 - 12:45:52.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:52.653Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:52.700Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:52.747Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.793Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.840Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.887Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.934Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:52.981Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:53.28Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:45:59.622Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.637Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
28/2/2020 - 12:45:59.637Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
28/2/2020 - 12:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.637Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 12:45:59.637Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 12:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:45:59.637Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:45:59.684Open1480C:\malware.exeC:\Windows\System32\tzres.dll
28/2/2020 - 12:45:59.684Open1480C:\malware.exeC:\Windows\System32\tzres.dll
28/2/2020 - 12:45:59.684Open1480C:\malware.exeC:\Windows\System32\tzres.dll
28/2/2020 - 12:45:59.684Open1480C:\malware.exeC:\Windows\System32\tzres.dll
28/2/2020 - 12:45:59.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:59.684Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:45:59.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:59.731Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:45:59.778Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:59.825Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.872Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:59.918Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:45:59.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:45:59.965Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:46:0.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:0.12Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:0.59Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:0.106Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:0.153Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.200Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.247Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.293Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.340Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.387Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.434Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:0.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:0.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\b13e5b1d6011e11c508cc63abebad05c\System.Drawing.ni.dllSystem.Drawing.ni.dll
28/2/2020 - 12:46:0.575Open1480C:\malware.exeC:\shfolder.dll
28/2/2020 - 12:46:0.575Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
28/2/2020 - 12:46:0.622Open1480C:\malware.exeC:\Windows\System32\shfolder.dll
28/2/2020 - 12:46:0.903Open1480C:\malware.exeC:\Users\Behemot\Documents
28/2/2020 - 12:46:0.903Unknown1480C:\malware.exeC:\Users\Behemot\Documents
28/2/2020 - 12:46:0.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:0.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\iphlpapi.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\System32\IPHLPAPI.DLL
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\System32\IPHLPAPI.DLL
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\WINNSI.DLL
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\System32\winnsi.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\System32\winnsi.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\DNSAPI.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\System32\dnsapi.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\System32\dnsapi.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\dhcpcsvc6.DLL
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\System32\dhcpcsvc6.dll
28/2/2020 - 12:46:1.418Unknown1480C:\malware.exeC:\Windows\System32\dhcpcsvc6.dlldhcpcsvc6.dll
28/2/2020 - 12:46:1.418Open1480C:\malware.exeC:\Windows\System32\dhcpcsvc6.dll
28/2/2020 - 12:46:1.418Unknown1480C:\malware.exeC:\Windows\System32\dhcpcsvc6.dlldhcpcsvc6.dll
28/2/2020 - 12:46:1.465Open1480C:\malware.exeC:\dhcpcsvc.DLL
28/2/2020 - 12:46:1.465Open1480C:\malware.exeC:\Windows\System32\dhcpcsvc.dll
28/2/2020 - 12:46:1.465Open1480C:\malware.exeC:\Windows\System32\dhcpcsvc.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\System32\mswsock.dll
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\System32\WSHTCPIP.DLL
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\System32\wship6.dll
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\System32\wship6.dll
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dll
28/2/2020 - 12:46:1.512Unknown1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 12:46:1.512Unknown1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\6c4229c7fc3ae5af06273718d7a5b935\System.Configuration.ni.dllSystem.Configuration.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:1.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\wininet.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\version.DLL
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\version.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\version.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Secur32.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\secur32.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\secur32.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\SSPICLI.DLL
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\sspicli.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\sspicli.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 12:46:4.262Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 12:46:4.262Unknown1480C:\malware.exeC:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 12:46:4.262Unknown1480C:\malware.exeC:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\winhttp.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\winhttp.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\webio.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\webio.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\api-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 12:46:4.262Unknown1480C:\malware.exeC:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 12:46:4.262Open1480C:\malware.exeC:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 12:46:4.262Unknown1480C:\malware.exeC:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dllapi-ms-win-downlevel-shlwapi-l2-1-0.dll
28/2/2020 - 12:46:4.356Open1480C:\malware.exeC:\Windows\System32\netprofm.dll
28/2/2020 - 12:46:4.356Open1480C:\malware.exeC:\Windows\System32\netprofm.dll
28/2/2020 - 12:46:4.356Open1480C:\malware.exeC:\Windows\System32\nlaapi.dll
28/2/2020 - 12:46:4.356Open1480C:\malware.exeC:\Windows\System32\nlaapi.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\CRYPTSP.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\cryptsp.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\cryptsp.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\rsaenh.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\RpcRtRemote.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dll
28/2/2020 - 12:46:4.450Unknown1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
28/2/2020 - 12:46:4.450Open1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dll
28/2/2020 - 12:46:4.450Unknown1480C:\malware.exeC:\Windows\System32\RpcRtRemote.dllRpcRtRemote.dll
28/2/2020 - 12:46:4.590Open1480C:\malware.exeC:\Windows\System32\npmproxy.dll
28/2/2020 - 12:46:4.590Open1480C:\malware.exeC:\Windows\System32\npmproxy.dll
28/2/2020 - 12:46:4.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:4.590Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:4.606Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:5.481Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:5.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:5.528Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:5.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:5.575Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:5.622Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:5.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:5.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:5.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:5.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\76e0e33fc1c3f1da85d42fc68c13638a\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
28/2/2020 - 12:46:5.856Open1480C:\malware.exeC:\CertMaker.dll
28/2/2020 - 12:46:5.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\d5a6b47b56d49e85668104cc5118f1fe\System.Core.ni.dllSystem.Core.ni.dll
28/2/2020 - 12:46:5.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\d5a6b47b56d49e85668104cc5118f1fe\System.Core.ni.dllSystem.Core.ni.dll
28/2/2020 - 12:46:5.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\d5a6b47b56d49e85668104cc5118f1fe\System.Core.ni.dllSystem.Core.ni.dll
28/2/2020 - 12:46:5.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:5.997Unknown1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:5.997Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.43Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:6.90Open1480C:\malware.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\crypt32.dll
28/2/2020 - 12:46:6.90Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:6.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:6.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:6.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:6.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:6.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:6.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:6.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 12:46:6.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:6.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:6.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:6.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:6.137Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:6.137Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:6.137Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:6.184Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 12:46:6.184Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.231Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.278Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.325Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.372Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.418Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.465Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.512Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.559Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.668Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.715Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.715Unknown1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.715Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:6.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:6.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:6.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:6.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:6.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:6.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 12:46:6.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:6.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:6.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:6.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:6.762Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:6.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:6.762Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 12:46:6.762Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:6.809Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.856Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllmscorlib.ni.dll
28/2/2020 - 12:46:6.903Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:6.950Read1480C:\malware.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dllSystem.ni.dll
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Monitor
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Monitor
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\apphelp.dll
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\apphelp.dll
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Read1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\windows\system32\ui\SwDRM.dll
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Open1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Unknown1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Read1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:6.997Read1480C:\malware.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows\Prefetch\MAKECERT.EXE-3EBB50CC.pf
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows\System32\wow64.dll
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows\System32\wow64.dll
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows\System32\wow64win.dll
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows\System32\wow64win.dll
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows\System32\wow64cpu.dll
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows\System32\wow64cpu.dll
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows\System32\wow64log.dll
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Windows
28/2/2020 - 12:46:7.43Unknown2332C:\Windows\System32\makecert.exeC:\Windows
28/2/2020 - 12:46:7.43Open2332C:\Windows\System32\makecert.exeC:\Monitor
28/2/2020 - 12:46:7.215Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\sechost.dll
28/2/2020 - 12:46:7.215Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\sechost.dll
28/2/2020 - 12:46:7.215Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\mssign32.dll
28/2/2020 - 12:46:7.262Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\mssign32.dll
28/2/2020 - 12:46:7.403Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\mssign32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\version.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\version.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\kernel32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\kernel32.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\Globalization\Sorting\SortDefault.nls
28/2/2020 - 12:46:7.418Unknown2332C:\Windows\System32\makecert.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rpcss.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rpcss.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\uxtheme.dll
28/2/2020 - 12:46:7.418Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\uxtheme.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:7.481Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:7.481Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:7.481Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:7.481Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:7.481Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:7.481Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:7.481Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:7.481Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:7.543Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:7.543Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:7.543Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:7.543Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:7.543Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:7.543Write2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:8.28Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:8.28Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:8.28Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:8.28Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:8.28Open2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:8.28Write2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:8.28Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:8.28Unknown2332C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:8.28Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\p2pcollab.dll
28/2/2020 - 12:46:8.28Unknown2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
28/2/2020 - 12:46:8.28Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\p2pcollab.dll
28/2/2020 - 12:46:8.28Unknown2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
28/2/2020 - 12:46:8.28Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\qagentrt.dll
28/2/2020 - 12:46:8.43Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 12:46:8.43Open2332C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\System32\user32.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\ntdll.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\System32\makecert.exe
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\advapi32.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\msvcrt.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\sechost.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rpcrt4.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\sspicli.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\user32.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\gdi32.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\lpk.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\usp10.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\ole32.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\crypt32.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\msasn1.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\wininet.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dllapi-ms-win-downlevel-user32-l1-1-0.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dllapi-ms-win-downlevel-shlwapi-l1-1-0.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\shlwapi.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dllapi-ms-win-downlevel-version-l1-1-0.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\version.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dllapi-ms-win-downlevel-normaliz-l1-1-0.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\normaliz.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\iertutil.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dllapi-ms-win-downlevel-advapi32-l1-1-0.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\userenv.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\profapi.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\oleaut32.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\msctf.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\uxtheme.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exe\Device\HarddiskVolume2
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows\System32\wow64.dll
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows\System32\wow64.dll
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows\System32\wow64win.dll
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows\System32\wow64win.dll
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows\System32\wow64cpu.dll
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows\System32\wow64cpu.dll
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows\System32\wow64log.dll
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Windows
28/2/2020 - 12:46:8.637Unknown2924C:\Windows\System32\makecert.exeC:\Windows
28/2/2020 - 12:46:8.637Open2924C:\Windows\System32\makecert.exeC:\Monitor
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\sechost.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\sechost.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\mssign32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\mssign32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\mssign32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\version.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\version.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\ncrypt.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\bcrypt.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\imm32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\kernel32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\kernel32.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\Globalization\Sorting\SortDefault.nls
28/2/2020 - 12:46:8.809Unknown2924C:\Windows\System32\makecert.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rpcss.dll
28/2/2020 - 12:46:8.809Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rpcss.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\uxtheme.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\uxtheme.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\cryptsp.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\rsaenh.dll
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:8.825Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:8.825Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:8.825Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:8.825Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:8.825Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:8.887Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:8.887Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:8.887Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:8.887Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:8.887Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:8.934Write2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:9.512Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:9.512Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:9.512Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:9.512Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:9.512Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:9.512Write2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:9.512Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:9.512Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c5e36ea3492a307844e8546080facf5af_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:9.512Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\p2pcollab.dll
28/2/2020 - 12:46:9.512Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
28/2/2020 - 12:46:9.512Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\p2pcollab.dll
28/2/2020 - 12:46:9.512Unknown2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\p2pcollab.dllp2pcollab.dll
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\qagentrt.dll
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Windows\SysWOW64\dnsapi.dll
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.528Read2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.528Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.528Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:9.528Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:9.528Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001
28/2/2020 - 12:46:9.528Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:9.528Read2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2148495166-3420019059-1286093062-1001\7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c7b90a71bfc56f2582e916a51aed6df9a_fa25e266-6d0f-4de2-813a-bf4374e0628c
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.575Read2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Write2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Read2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Write2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Read2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Write2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\0DE9529497EFF0D0DE4AE54208B21F5D5228815A
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Keys
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Keys
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\0DE9529497EFF0D0DE4AE54208B21F5D5228815A
28/2/2020 - 12:46:9.575Write2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\0DE9529497EFF0D0DE4AE54208B21F5D5228815A0DE9529497EFF0D0DE4AE54208B21F5D5228815A
28/2/2020 - 12:46:9.575Open2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\0DE9529497EFF0D0DE4AE54208B21F5D5228815A
28/2/2020 - 12:46:9.575Read2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\0DE9529497EFF0D0DE4AE54208B21F5D5228815A0DE9529497EFF0D0DE4AE54208B21F5D5228815A
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Keys\0DE9529497EFF0D0DE4AE54208B21F5D5228815A0DE9529497EFF0D0DE4AE54208B21F5D5228815A
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Windows
28/2/2020 - 12:46:9.575Unknown2924C:\Windows\System32\makecert.exeC:\Monitor
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.590Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.590Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:9.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:9.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.590Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.590Unknown1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:9.590Open1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.590Read1480C:\malware.exeC:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\A227C17B125560F48AA3168C48DC0363AFACEE52 | A227C17B125560F48AA3168C48DC0363AFACEE52
28/2/2020 - 12:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
28/2/2020 - 12:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
28/2/2020 - 12:46:9.590 | Open | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
28/2/2020 - 12:46:9.590 | Open | 1480 | C:\malware.exe | C:\ProgramData\winnitt.exe
28/2/2020 - 12:46:9.590 | Unknown | 1480 | C:\malware.exe | C:\Users\Behemot\AppData\Roaming\Microsoft\SystemCertificates\My
28/2/2020 - 12:46:9.590 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll
28/2/2020 - 12:46:9.606 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll
28/2/2020 - 12:46:9.606 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll
28/2/2020 - 12:46:9.606 | Open | 1480 | C:\malware.exe | C:\Windows\System32\NapiNSP.dll
28/2/2020 - 12:46:9.606 | Open | 1480 | C:\malware.exe | C:\Windows\System32\NapiNSP.dll
28/2/2020 - 12:46:9.606 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pnrpnsp.dll
28/2/2020 - 12:46:9.606 | Open | 1480 | C:\malware.exe | C:\Windows\System32\pnrpnsp.dll
28/2/2020 - 12:46:9.622 | Open | 1480 | C:\malware.exe | C:\Windows\System32\winrnr.dll
28/2/2020 - 12:46:9.622 | Open | 1480 | C:\malware.exe | C:\Windows\System32\winrnr.dll
28/2/2020 - 12:46:11.918 | Open | 1480 | C:\malware.exe | C:\rasadhlp.dll
28/2/2020 - 12:46:11.918 | Open | 1480 | C:\malware.exe | C:\Windows\System32\rasadhlp.dll
28/2/2020 - 12:46:11.918 | Open | 1480 | C:\malware.exe | C:\Windows\System32\rasadhlp.dll
28/2/2020 - 12:46:11.919 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll
28/2/2020 - 12:46:11.919 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll
28/2/2020 - 12:46:11.923 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll
28/2/2020 - 12:46:11.924 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll
28/2/2020 - 12:46:11.924 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll
28/2/2020 - 12:46:34.336 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll
28/2/2020 - 12:46:34.336 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c5a73d17be9743868915d6115\System.ni.dll | System.ni.dll
28/2/2020 - 12:46:48.758 | Read | 1480 | C:\malware.exe | C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll | mscorlib.ni.dll

Process
Trace
28/2/2020 - 12:46:6.997 | Create | 1480 | C:\malware.exe | 2332 | C:\Windows\System32\makecert.exe
28/2/2020 - 12:46:8.90 | Terminate | 1480 | C:\malware.exe | 2332 | C:\Windows\System32\makecert.exe
28/2/2020 - 12:46:8.559 | Create | 1480 | C:\malware.exe | 2924 | C:\Windows\System32\makecert.exe
28/2/2020 - 12:46:9.575 | Terminate | 1480 | C:\malware.exe | 2924 | C:\Windows\System32\makecert.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
28/2/2020 - 12:46:4.75 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32 | EnableFileTracing
28/2/2020 - 12:46:4.75 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32 | EnableConsoleTracing
28/2/2020 - 12:46:4.75 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32 | FileTracingMask
28/2/2020 - 12:46:4.75 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32 | ConsoleTracingMask
28/2/2020 - 12:46:4.75 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32 | MaxFileSize
28/2/2020 - 12:46:4.75 | Write | 1480 | C:\malware.exe | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\malware_RASAPI32 | FileDirectory
28/2/2020 - 12:46:4.590 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionReason
28/2/2020 - 12:46:4.590 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecisionTime
28/2/2020 - 12:46:4.590 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDecision
28/2/2020 - 12:46:4.590 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-83-08-f3 | WpadDetectedUrl
28/2/2020 - 12:46:5.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
28/2/2020 - 12:46:5.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
28/2/2020 - 12:46:5.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
28/2/2020 - 12:46:5.481 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
28/2/2020 - 12:46:5.481 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
28/2/2020 - 12:46:5.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
28/2/2020 - 12:46:5.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable
28/2/2020 - 12:46:5.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer
28/2/2020 - 12:46:5.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyOverride
28/2/2020 - 12:46:5.481 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL
28/2/2020 - 12:46:5.481 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoDetect
28/2/2020 - 12:46:5.481 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings
28/2/2020 - 12:46:5.528 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\FiddlerCore\Dynamic | Attached
28/2/2020 - 12:46:8.28 | Write | 2332 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.28 | Write | 2332 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.28 | Write | 2332 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.43 | Write | 2332 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.43 | Write | 2332 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.106 | Write | 1480 | C:\malware.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:8.559 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\SystemCertificates\Root\Certificates | 8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:8.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\SystemCertificates\Root\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A | Blob
28/2/2020 - 12:46:8.559 | Delete | 1480 | C:\malware.exe | HKCU\Software\Microsoft\SystemCertificates\Root\Certificates | 8609B7F69A6FD9D9495217EE8B6A5A4A4414067A
28/2/2020 - 12:46:8.559 | Write | 1480 | C:\malware.exe | HKCU\Software\Microsoft\SystemCertificates\Root\Certificates\8609B7F69A6FD9D9495217EE8B6A5A4A4414067A | Blob
28/2/2020 - 12:46:9.512 | Write | 2924 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:9.512 | Write | 2924 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:9.528 | Write | 2924 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:9.528 | Write | 2924 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList
28/2/2020 - 12:46:9.528 | Write | 2924 | C:\Windows\System32\makecert.exe | HKCU\Local Settings\MuiCache\5\96383CDB | LanguageList

File Summary
Created
Identified: True

Deleted
Identified: False

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: True

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS | q.aahb31.com.
localhost -> gateway:50273 | q.aahb31.com.

Response

TCP
Info

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
False

UDP
True

HTTP
False

Results
BINARY
KNN (K=3, NFS-BRMalware)
confidence: 66.67%
suspicious: False

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: False

SVC (Kernel=Linear, NFS-BRMalware)
confidence: 67.09%
suspicious: False

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 89.41%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 68.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 51.37%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 99.89%
suspicious: False
