Report #6244

Binary

DLL False

Size 76.00KB

trid 70.8% Generic CIL Executable

12.6% Windows screen saver

6.3% Win32 Dynamic Link Library

4.3% Win32 Executable

1.9% OS/2 Executable

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 04faf3609b7f1739fa006d97dc54b03d

sha1 6042fd53059df182ff0764dfd580df759242c065

crc32 0x6f4a0650

sha224 bd73eff03feb58defce60cb24dad218941047fad4cd06151d5e9fa50

sha256 5b381016e9403e854656a3b43e383287df94355308a231d5bc5c10e2ca0b148a

sha384 94528f05c509cfa67785dc843268c201372ef86d93f5df281e747f21d5372888287212fbc86dc69045ca03ab66d0b169

sha512 bf37741336dd1650669b6aa6ce59869c37a405119f2961a83b777d5338c420b72e067197ada8dbbdc1887a867a7c7f06c0db1a1ba9fa7e592794968c50349b67

ssdeep 1536:Qd8BcdOqmku+QDXt7nm1lgTBT0OeR8WBbHvT0zu:Nqmku+G97ElkLWFHvgzu

Creation Date: Feb. 14, 2020, 3:14 p.m.

Last Update: Feb. 14, 2020, 8:33 p.m.

File: CodigodeRastreio_CJ463077332BR.exe

Results:

Community

Google False

HashLib False

YARA

Matches NET_executable, Microsoft_Visual_C_v70_Basic_NET, Microsoft_Visual_Studio_NET_additional, DebuggerCheck__QueryInfo, url, IP, contentis_base64, IsNET_EXE, Microsoft_Visual_C_Basic_NET, Microsoft_Visual_Studio_NET, NET_executable_, domain, IsPE32, anti_dbg, Microsoft_Visual_C_v70_Basic_NET_additional, IsWindowsGUI, disable_dep

Suspicious True

Strings

List

System.Net.Security My.Computer System.IO System.Net

System.Management

<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>

<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

System.ComponentModel.Design System.Net.Sockets

System.Security.Cryptography.X509Certificates System.Security.Cryptography

System.Security.AccessControl n6.My.Resources

System.IO.Compression

4System.Web.Services.Protocols.SoapHttpClientProtocol 1.0.0.0

1.0.0.0 1.0.0.0 1.0.0.0 ntdll.dll

*.~*

8.0.0.0 2.0.0.0 9.0.0.0

System.Windows.Forms.Form

3System.Resources.Tools.StronglyTypedResourceBuilder VBMath

DeleteSubKeyTree Delegate

CreateDelegate MulticastDelegate System.Windows.Forms

requestedExecutionLevel node with one of the following.

mscoree.dll get_UserName get_IsInterface

Debugger detected (Managed) get_MetadataToken

SslPolicyErrors TcpClient

ServerComputer DownloadData

DebuggerHiddenAttribute ProcessHandle

FileSecurity NetworkStream FileSystemProxy RegistrySecurity CompressionMode ClassesRoot

OutputDebugString DebuggableAttribute DeflateStream DebuggingModes RegistryAccessRule ResourceManager FileSystemSecurity RegistryKey COR_PROFILER SocketException IsDebuggerPresent ServicePointManager

DebuggerStepThroughAttribute Debugger

Registry

COR_ENABLE_PROFILING LocalMachine

GetModuleHandleA RegistryRights Hashtable ComputeHash

*.~-

*.~,

*.~(

*.~+

*.~^

*.~&

Randomize Sleep

GetHashCode CreateDecryptor CipherMode HashAlgorithm CryptoStreamMode RijndaelManaged Shell

ICryptoTransform CryptoStream

$db9a19a5-e108-43d3-9539-a70c4f9e178e n6.exe

n6.exe n6.exe

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

set_IsBackground

<requestedExecutionLevel level="asInvoker" uiAccess="false" />

Confuser v1.9.0.0

<requestedExecutionLevel level="highestAvailable" uiAccess="false" />

<requestedExecutionLevel level="highestAvailable" uiAccess="false" />

SpecialDirectoriesProxy

compatibility then delete the requestedExecutionLevel node.

Foremost

Matches 0.exe, 76 KB

Suspicious True

Heuristics

IPs hasIPs: False

Allowed Suspicious

hasAllowed: False hasSuspicious: False

URLs Allowed: http://www.w3.org/2001/xmlschema-instance hasURLs: True

Suspicious

hasAllowed: True hasSuspicious: False

Files Allowed: ntdll.dll, kernel32.dll, mscoree.dll hasFiles: True

Suspicious

hasAllowed: True hasSuspicious: False

Binary

Sizes RVA

RVA: 16

Suspicious: False Code

Size: 4096

Suspicious: False Image

Address: 4194304 Suspicious: False Stack

Stack: 4096 Suspicious: False Headers

Headers: 512 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 0

Suspicious: True

Sections Allowed: .text, .rsrc, .reloc Suspicious

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 4

Suspicious: False Image

Version: True Suspicious: 4 Linker

Version: 8.0 Suspicious: False Subsystem

Version: 4.0 Suspicious: False Suspicious: False

EntryPoint Address: 81294

Suspicious: False

Anomalies Anomalies: The header checksum and the calculated checksum do not match.

hasAnomalies: True

Libraries Allowed: ntdll.dll, kernel32.dll, mscoree.dll hasLibs: True

Suspicious

hasAllowed: True hasSuspicious: False

Timestamp Past: False

Valid: True

Value: 2017-06-16 14:46:42 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, .NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation XOR: False

Fuzzing: False

PEDetector

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks

pushret .text: 7

pushpopmath .text: 35

ss register .text: 4

cpuinstructionsresultscomparison .text: 11

AVclass

banload 1

VirusTotal

md5 04faf3609b7f1739fa006d97dc54b03d

sha1 6042fd53059df182ff0764dfd580df759242c065

SCANS (DETECTION RATE = 80.88%)

AVG result: Win32:Malware-gen

update: 20180806 version: 18.4.3895.0 detected: True

CMC update: 20180805

version: 1.1.0.977 detected: False

MAX result: malware (ai score=80)

update: 20180806 version: 2017.11.15.1 detected: True

Bkav update: 20180803

version: 1.3.0.9466 detected: False

K7GW result: Trojan-Downloader ( 004e01591 )

update: 20180806 version: 10.56.27975 detected: True

ALYac result: Trojan.GenericKD.5377634

update: 20180806 version: 1.1.1.5 detected: True

Avast result: Win32:Malware-gen

update: 20180806 version: 18.4.3895.0 detected: True

Avira result: TR/Dldr.Banload.RH

update: 20180805 version: 8.3.3.6 detected: True

Baidu result: Win32.Trojan.WisdomEyes.16070401.9500.9996 update: 20180802

version: 1.0.0.2 detected: True

Cyren result: W32/Banload.JLAR-3358 update: 20180805

version: 6.0.0.4 detected: True

DrWeb result: Trojan.DownLoader25.3609

update: 20180806 version: 7.0.33.6080 detected: True

GData result: Win32.Trojan.Agent.RW6EL3

update: 20180805

version: A:25.18007B:25.12896 detected: True

Panda result: Trj/WLT.C

update: 20180805 version: 4.6.4.2 detected: True

VBA32 result: TrojanDownloader.Banload

update: 20180803 version: 3.12.32.0 detected: True

VIPRE result: Trojan.Win32.Generic!BT

update: 20180805 version: 68644 detected: True

Zoner result: Trojan.Banload

update: 20180805 version: 1.0 detected: True

AVware result: Trojan.Win32.Generic!BT

update: 20180727 version: 1.6.0.52 detected: True

ClamAV update: 20180805

version: 0.100.1.0 detected: False

Comodo result: UnclassifiedMalware

update: 20180805

version: 29473 detected: True

F-Prot result: W32/Banload.BOD

update: 20180805 version: 4.7.1.166 detected: True

Ikarus result: Trojan-Downloader.MSIL.Banload update: 20180805

version: 0.1.5.2 detected: True

McAfee result: Generic.acq

update: 20180805 version: 6.0.6.653 detected: True

Rising result: Downloader.Banload!8.15B (CLOUD) update: 20180805

version: 25.0.0.24 detected: True

Sophos result: Mal/Generic-L

update: 20180805 version: 4.98.0 detected: True

Yandex result: Trojan.DL.Banload!Kgbt49jcM0U

update: 20180805 version: 5.5.1.3 detected: True

Zillya result: Downloader.Banload.Win32.82112

update: 20180803 version: 2.0.0.3609 detected: True

Arcabit result: Trojan.Generic.D520E62

update: 20180806 version: 1.0.0.831 detected: True

Babable update: 20180725

version: 9107201 detected: False

Cylance result: Unsafe update: 20180806 version: 2.3.1.101 detected: True

Endgame result: malicious (high confidence) update: 20180730

version: 3.0.1 detected: True

TACHYON update: 20180805

version: 2018-08-05.02 detected: False

Tencent result: Msil.Trojan.Agent.Hfm

update: 20180806 version: 1.0.0.1 detected: True

ViRobot result: Trojan.Win32.Agent.77824.FC update: 20180805

version: 2014.3.20.0 detected: True

Webroot update: 20180806

version: 1.0.0.403 detected: False

eGambit update: 20180806

detected: False

Ad-Aware result: Trojan.GenericKD.5377634

update: 20180804 version: 3.0.5.370 detected: True

AegisLab result: Trojan.Win32.Generic.4!c update: 20180805

version: 4.2 detected: True

Emsisoft result: Trojan.GenericKD.5377634 (B) update: 20180805

version: 2018.4.0.1029 detected: True

F-Secure result: Trojan.GenericKD.5377634

update: 20180805 version: 11.0.19100.45 detected: True

Fortinet result: MSIL/Banload.GH!tr.dldr update: 20180805

version: 5.4.247.0 detected: True

Invincea result: heuristic

update: 20180717 version: 6.3.5.26121 detected: True

Jiangmin result: TrojanDownloader.Banload.bmrw update: 20180805

version: 16.0.100 detected: True

Kingsoft update: 20180806

version: 2013.8.14.323 detected: False

Paloalto result: generic.ml

update: 20180806 version: 1.0 detected: True

Symantec result: Downloader

update: 20180805 version: 1.6.0.0 detected: True

AhnLab-V3 result: Trojan/Win32.Banload.C2031854 update: 20180805

version: 3.13.1.21616 detected: True

Antiy-AVL result: Trojan/Win32.SGeneric update: 20180806

version: 3.0.0.1 detected: True

Kaspersky result: Trojan.MSIL.Agent.fpwa update: 20180805

version: 15.0.1.13 detected: True

Microsoft result: TrojanDownloader:Win32/Banload update: 20180805

version: 1.1.15100.1 detected: True

Qihoo-360 result: Win32/Sorter.AVE.DotNetFile.A update: 20180806

version: 1.0.0.1120 detected: True

TheHacker update: 20180805

version: 6.8.0.5.3493 detected: False

ZoneAlarm result: Trojan.MSIL.Agent.fpwa update: 20180805

version: 1.0 detected: True

Cybereason result: malicious.09b7f1

update: 20180225 version: 1.2.27 detected: True

ESET-NOD32 result: MSIL/TrojanDownloader.Banload.GH update: 20180805

version: 17834 detected: True

TrendMicro result: TROJ_GEN.R002C0CBG18

update: 20180805 version: 10.0.0.1040 detected: True

BitDefender result: Trojan.GenericKD.5377634 update: 20180806

version: 7.2 detected: True

CrowdStrike result: malicious_confidence_100% (D) update: 20180723

version: 1.0 detected: True

K7AntiVirus result: Trojan-Downloader ( 004e01591 ) update: 20180805

version: 10.56.27975

detected: True

SentinelOne result: static engine - malicious update: 20180701

version: 1.0.17.227 detected: True

Avast-Mobile update: 20180805

version: 180804-04 detected: False

Malwarebytes update: 20180805

version: 2.1.1.1115 detected: False

TotalDefense update: 20180805

version: 37.1.62.1 detected: False

CAT-QuickHeal result: TrojanDownloader.Banload update: 20180805

version: 14.00 detected: True

NANO-Antivirus result: Trojan.Win32.Banload.eqcxws update: 20180805

version: 1.0.116.23366 detected: True

MicroWorld-eScan result: Trojan.GenericKD.5377634 update: 20180805

version: 14.0.297.0 detected: True

SUPERAntiSpyware update: 20180805 version: 5.6.0.1032 detected: False

McAfee-GW-Edition result: Generic.acq update: 20180805 version: v2017.3010 detected: True

TrendMicro-HouseCall result: TROJ_GEN.R002C0CBG18 update: 20180805

version: 9.950.0.1006 detected: True

total 68

sha256 5b381016e9403e854656a3b43e383287df94355308a231d5bc5c10e2ca0b148a

scan_id 5b381016e9403e854656a3b43e383287df94355308a231d5bc5c10e2ca0b148a-1533514296

resource 04faf3609b7f1739fa006d97dc54b03d

permalink https://www.virustotal.com/file/5b381016e9403e854656a3b43e383287df94355308a231d5bc5c10e2ca0b148a/analysis/1533514296/

positives 55

scan_date 2018-08-06 00:11:36

verbose_msg Scan finished, information embedded

response_code 1

File

Trace


mscorlib.ni.d ll

14/2/2020 - 19:45:46.99 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:46.99 7

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\System32\l_intl.nls

14/2/2020 - 19:45:46.99 7

Op en

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 19:45:46.99 7

Unk no wn

1 4 8 0

C:\mal ware.e xe

C:\malware.exe

14/2/2020 - 19:45:46.99 7

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll

14/2/2020 - 19:45:46.99 7

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll

14/2/2020 - 19:45:47.12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll

14/2/2020 - 19:45:47.12

Op en

1 4 8

C:\mal ware.e xe

C:\malware.exe.Local

(28)

0

14/2/2020 - 19:45:47.12 Op

en 1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0 .50727.4940_none_88df89932faf0bf6

14/2/2020 - 19:45:47.12

Unk no wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0 .50727.4940_none_88df89932faf0bf6

14/2/2020 - 19:45:47.12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0 .50727.4940_none_88df89932faf0bf6

14/2/2020 - 19:45:47.12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\pubpol4.dat

14/2/2020 - 19:45:47.12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\GAC\PublisherPolicy.tme

14/2/2020 - 19:45:47.12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

14/2/2020 - 19:45:47.12

Unk no wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

machine.con fig

14/2/2020 - 19:45:47.12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

14/2/2020 - 19:45:47.12

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

machine.con fig

14/2/2020 - 19:45:47.12

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

machine.con fig

14/2/2020 - 19:45:47.12

Rea d

1 4 8

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

machine.con fig

(29)

0

14/2/2020 - 19:45:47.12

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

machine.con fig

14/2/2020 - 19:45:47.12

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

machine.con fig

14/2/2020 - 19:45:47.12

Unk no wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine .config

machine.con fig

14/2/2020 - 19:45:47.12

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c 5a73d17be9743868915d6115\System.ni.dll

14/2/2020 - 19:45:47.28

Unk no wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c 5a73d17be9743868915d6115\System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

(30)

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.75

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.12 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.16 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.21 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.26 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

(31)

14/2/2020 - 19:45:47.30 9

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.35 6

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.40 3

Op en

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089

14/2/2020 - 19:45:47.59 0

Unk no wn

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089

14/2/2020 - 19:45:47.59 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.63 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.68 4

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.73 1

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.77 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.82 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.87 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

(32)

14/2/2020 - 19:45:47.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:47.96 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:48.12

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:48.59

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:48.10 6

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:48.15 3

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:48.24 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:48.29 3

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.34 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.38 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.43 4

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

1

(33)

14/2/2020 - 19:45:48.48 1

Rea d

4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.52 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.57 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.62 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.76 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.80 9

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.87 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.93 4

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:48.98 1

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:49.28

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:49.75

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

1

(34)

14/2/2020 - 19:45:49.12 2

Rea d

4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:49.16 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:49.21 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:49.26 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:49.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.12

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.59

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.15 3

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.20 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.24 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.29 3

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

1

(35)

14/2/2020 - 19:45:50.34 0

Rea d

4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.38 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.43 4

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.48 1

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.52 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.57 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.62 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.66 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.76 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.80 9

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.85 6

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 1

C:\mal

(36)

19:45:50.90 3

Rea d

4 8 0

ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.95 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:50.99 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.43

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.90

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.13 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.18 4

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.23 1

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.27 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.32 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.37 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - Rea

1

4 C:\mal

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 mscorlib.ni.d

(37)

19:45:51.41 8

d 8

0

ware.e xe

181b40a571892e14bfb9d65f2\mscorlib.ni.dll ll

14/2/2020 - 19:45:51.46 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:51.51 2

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.55 9

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.60 6

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.65 3

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.70 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.74 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.79 3

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.84 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.88 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:51.93 Rea

1

4 C:\mal

ware.e C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

System.ni.dll

(38)

4 d 8 0

xe 5a73d17be9743868915d6115\System.ni.dll

14/2/2020 - 19:45:51.98 1

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\9b0f837c

5a73d17be9743868915d6115\System.ni.dll System.ni.dll

14/2/2020 - 19:45:52.45 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:52.49 7

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:52.54 3

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:52.59 0

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:52.68 4

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:52.73 1

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:52.91 8

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:52.96 5

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - 19:45:53.12

Rea d

1 4 8 0

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 181b40a571892e14bfb9d65f2\mscorlib.ni.dll

mscorlib.ni.d ll

14/2/2020 - Rea 1

4 C:\mal

ware.e C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93 mscorlib.ni.d
